Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect[RESOLVED]


  • This topic is locked This topic is locked

#1
ravencelt

ravencelt

    Member

  • Member
  • PipPip
  • 56 posts
I ran the AVG scan in safe mode first, didn't seem to change anything so far. Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:39 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...s...33&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by116fd.bay11...ex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9945 bytes
  • 0

Advertisements


#2
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,539 posts
Hello and Welcome to Geeks to Go. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay.

Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that folder and also copy the contents of Extra.txt to your post as well.
Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
  • 0

#3
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
MoNsTeReNeRgY22 will not be able to assist you so I will be taking over this log.

Please follow the instructions he has given above, and post the two DSS logs in your next reply.

Also please give me a full description of your problem.

Regards,
RatHat
  • 0

#4
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi there, thanks for the reply. The exact problem I am having is, when I go to Google and search, then click on the pages it brings up, I get redirected to other random sites. I have to go back to Google a few times and re-search before it works correctly. Although, I just tested it after I ran the Deckards, and it's not doing it anymore! Maybe I am ok now?

Deckard's System Scanner v20071014.68
Run by Andrea on 2008-03-12 17:45:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-03-12 21:45:21 UTC - RP578 - Deckard's System Scanner Restore Point
101: 2008-03-12 07:00:17 UTC - RP577 - Software Distribution Service 3.0
100: 2008-03-12 05:56:50 UTC - RP576 - System Checkpoint
99: 2008-03-11 04:56:50 UTC - RP575 - System Checkpoint
98: 2008-03-10 03:57:55 UTC - RP574 - System Checkpoint


-- First Restore Point --
1: 2007-12-14 08:28:19 UTC - RP477 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Andrea.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:37 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\dss.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrea.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...s...33&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by116fd.bay11...ex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9679 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080306-084324-723 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
backup-20080307-175757-232 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel® quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel® Quick Resume Technology>

S4 Dcomnapxs -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Instant Wireless PCI Card
Device ID: PCI\VEN_1260&DEV_3873&SUBSYS_38741737&REV_01\4&5855BE9&0&28F0
Manufacturer: The Linksys Group, Inc.
Name: Instant Wireless PCI Card
PNP Device ID: PCI\VEN_1260&DEV_3873&SUBSYS_38741737&REV_01\4&5855BE9&0&28F0
Service: WMP11


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 03:00:01 490 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2008-03-01 02:00:10 354 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-15 02:17:36 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-12 17:43:00 686630 --a------ C:\dss.exe
2008-03-06 17:06:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-06 17:00:52 0 d-------- C:\Documents and Settings\Andrea\Application Data\Grisoft
2008-03-06 17:00:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 21:47:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 20:31:02 0 d-------- C:\Program Files\LimeWire
2008-03-05 20:29:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-05 20:29:09 0 d-------- C:\Program Files\Common Files\iS3


-- Find3M Report ---------------------------------------------------------------

2008-03-11 17:38:13 0 d-------- C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-07 23:50:49 0 d-------- C:\Program Files\Java
2008-03-06 17:39:28 0 d-------- C:\Program Files\McAfee
2008-03-05 21:41:27 0 d-------- C:\Program Files\Canon
2008-03-05 21:40:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-05 21:39:29 0 d-------- C:\Program Files\STOPzilla!
2008-03-05 20:29:09 0 d-------- C:\Program Files\Common Files
2008-02-24 17:41:15 0 d-------- C:\Documents and Settings\Andrea\Application Data\AdobeUM
2007-12-26 20:50:08 268 -r-h----- C:\Documents and Settings\Andrea\Application Data\Frameworks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 06:30 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/14/2005 08:51 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 03:22 PM]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [03/16/2007 07:51 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [5/15/2007 7:13:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 2:08:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb85b0f0-91bf-11db-b8bd-00038a000015}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-03-12 17:47:08 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.09 MiB / 1491.36 MiB
Pagefile Memory (total/avail): 3938.2 MiB / 3518.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.69 MiB

C: is Fixed (NTFS) - 228.13 GiB total, 174.4 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 228.13 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient.exe"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\UVU\\UVU Media Player\\UVUMediaPlayer.exe"="C:\\Program Files\\UVU\\UVU Media Player\\UVUMediaPlayer.exe:*:Enabled:UVU Media Player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andrea\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TEMPLEOFDOOM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andrea
LOGONSERVER=\\TEMPLEOFDOOM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Andrea\LOCALS~1\Temp
TMP=C:\DOCUME~1\Andrea\LOCALS~1\Temp
USERDOMAIN=TEMPLEOFDOOM
USERNAME=Andrea
USERPROFILE=C:\Documents and Settings\Andrea
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Andrea (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe InDesign CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Autodesk Architectural Desktop 2005 --> MsiExec.exe /I{5783F2D7-0304-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
EQ2MAP Updater 1.0.6 --> C:\Program Files\EQ2MAP Updater\uninst.exe
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
EverQuest II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EE39B32-BA05-433C-BC0D-35797518A3A5}\ISInst.exe" -l0x9
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Images of Ireland Theme for Windows XP --> MsiExec.exe /X{E3387EAB-DFD3-4894-9F4C-B27669D35ED8}
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Intel® Quick Resume Technology Drivers --> MsiExec.exe /I{8C22F265-DE76-44D1-8A79-A71D819137DA}
Intel® Quick Resume Technology Drivers --> MsiExec.exe /X{8C22F265-DE76-44D1-8A79-A71D819137DA} /qb!
Intel® Viiv™ --> MsiExec.exe /X{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LabelCreator Pro --> MsiExec.exe /X{B1D5C738-07D6-11D8-80AE-00036D10F3B7}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Script Debugger --> RunDll32 advpack.dll,LaunchINFSection C:\Program Files\Microsoft Script Debugger\ScrptDbg.inf, Uninstall.NT
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nikon Message Center --> MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer --> MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zoo Tycoon 2 - Marine Mania --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}


-- Application Event Log -------------------------------------------------------

Event Record #/Type6751 / Warning
Event Submitted/Written: 03/12/2008 03:08:54 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type6750 / Warning
Event Submitted/Written: 03/12/2008 03:08:54 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type6662 / Warning
Event Submitted/Written: 03/07/2008 08:53:29 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type6661 / Warning
Event Submitted/Written: 03/07/2008 08:53:29 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type6650 / Error
Event Submitted/Written: 03/06/2008 06:37:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x60b47930.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15540 / Warning
Event Submitted/Written: 03/12/2008 04:48:00 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type15507 / Error
Event Submitted/Written: 03/12/2008 03:07:09 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Event Record #/Type15493 / Warning
Event Submitted/Written: 03/11/2008 05:38:05 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15427 / Warning
Event Submitted/Written: 03/07/2008 10:32:35 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type15421 / Warning
Event Submitted/Written: 03/07/2008 08:42:28 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-12 17:47:08 ------------
  • 0

#5
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi Andrea,

You do show signs of an infection, so lets start getting rid of it.

Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post, please include:
  • The contents of Combofix.txt
  • The contents of the MBAM report
  • The contents of Kaspersky.txt
  • A fresh HijackThis log, taken after completing all of the above

Regards,
RatHat
  • 0

#6
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Malwarebytes' Anti-Malware 1.08
Database version: 493

Scan type: Quick Scan
Objects scanned: 18163
Time elapsed: 1 hour(s), 8 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 139
Files Infected: 2626

Memory Processes Infected:
c:\program files\the weather channel fw\desktop weather\desktopweather.exe (Adware.Hotbar) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\the weather channel fw\framework\wxfw.dll (Adware.Hotbar) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DW4 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-12-2007-03-00-48 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\18-10-2007-03-00-51 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\18-10-2007-08-16-27 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\18-11-2007-03-00-43 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\18-11-2007-06-52-52 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\19-10-2007-08-00-54 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\20-10-2007-10-03-41 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-21-04-35 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-21-06-08 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-12-2007-03-01-50 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\26-11-2007-07-44-38 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\29-10-2007-08-06-03 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\30-11-2007-22-34-47 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52\10031.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52\10033.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52\10070.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52\10080.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52\10081.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\17-10-2007-00-36-52\10087.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10050.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10057.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10063.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10069.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10070.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10071.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10072.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10097.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10108.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10115.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10122.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10127.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10129.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10130.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10131.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10133.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10135.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10136.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10137.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10138.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10165.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10166.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10167.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10172.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10175.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10176.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10305.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10313.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10360.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10361.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10364.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10366.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10374.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10408.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10428.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10437.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10442.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10575.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10576.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10614.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10638.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10660.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10690.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10691.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10709.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10710.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10711.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10712.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10713.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10718.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10729.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10740.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10745.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10746.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10748.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10751.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10752.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10756.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10758.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10759.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\21-09-2007-20-50-56\10760.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10795.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10798.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10800.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10837.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10847.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10848.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10854.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10876.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10878.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10882.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10884.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10886.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10887.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10893.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10915.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10917.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10918.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10940.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\10980.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11005.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11013.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11017.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11018.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11023.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11028.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11033.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11038.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11043.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11048.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11053.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11058.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11063.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11068.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11073.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11078.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11083.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11088.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11093.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11098.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11103.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11108.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11113.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\24-09-2007-07-48-01\11118.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\the weather channel fw\desktop weather\desktopweather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\the weather channel fw\framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.cpl (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\fp.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Log\2008 Jan 01 - 03_00_00 AM_406.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Log\2008 Jan 01 - 03_00_00 AM_906.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10000.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10000.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10001.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10002.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10003.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10004.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10005.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10006.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10007.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10008.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10009.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10010.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10011.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10012.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10013.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10014.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10015.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10016.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10017.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10018.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10018.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10019.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10020.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10020.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10021.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10021.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10022.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10022.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10023.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10024.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10025.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-10-2007-21-27-11\10025.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10000.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10000.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10001.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10001.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10002.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10002.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10003.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10003.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10004.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10004.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10005.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10005.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10006.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10006.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10007.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10007.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10008.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10008.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10009.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10009.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10010.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10010.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10011.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10012.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10012.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10013.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10014.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10014.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10015.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10015.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10016.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10016.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10017.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10018.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10019.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-03-00-51\10019.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10019.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10020.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10021.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10022.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10023.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10024.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10025.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10025.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10026.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10026.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10027.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10028.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10029.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10029.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10030.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10031.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10032.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10033.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10034.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10035.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10036.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10037.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10038.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10039.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10040.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10040.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10041.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10042.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10042.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10043.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10043.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10044.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10044.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10045.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10046.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10047.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-11-2007-08-05-50\10047.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10000.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10000.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10001.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10001.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10002.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10003.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10004.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10005.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10006.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10007.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10008.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10009.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10010.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10010.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10011.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10012.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10013.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10014.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10015.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10016.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10017.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10018.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10019.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10020.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10021.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10022.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10022.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10023.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10024.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10024.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10025.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10025.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10026.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10026.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10027.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10028.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10029.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\02-12-2007-03-01-05\10029.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10000.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10000.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10001.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10002.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10002.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10003.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10004.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10005.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10006.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10006.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10007.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10008.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10009.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Application Data\SpywareBot\Quarantine\13-10-2007-15-50-28\10010.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings&
  • 0

#7
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The MBAM is too long for the first reply...it just goes on and on with the rogue bots. Do you want me to try to post the rest if it?

Here are the others anyway:

ComboFix 08-03-14.4 - Andrea 2008-03-14 19:23:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1409 [GMT -4:00]
Running from: C:\Documents and Settings\Andrea\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-12 20:08 . 2008-03-12 20:08 <DIR> d-------- C:\Program Files\Netflix
2008-03-12 17:43 . 2008-03-12 17:43 686,630 --a------ C:\dss.exe
2008-03-12 03:01 . 2008-03-12 03:01 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-06 17:06 . 2008-03-06 17:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-06 17:00 . 2008-03-06 17:00 <DIR> d-------- C:\Documents and Settings\Andrea\Application Data\Grisoft
2008-03-06 17:00 . 2008-03-06 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-06 17:00 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 21:47 . 2008-03-05 21:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 20:31 . 2008-03-05 20:31 <DIR> d-------- C:\Program Files\LimeWire
2008-03-05 20:29 . 2008-03-05 20:29 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-05 20:29 . 2008-03-05 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 22:57 --------- d-----w C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-08 03:50 --------- d-----w C:\Program Files\Java
2008-03-06 21:39 --------- d-----w C:\Program Files\McAfee
2008-03-06 01:41 --------- d-----w C:\Program Files\Canon
2008-03-06 01:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 01:39 --------- d-----w C:\Program Files\STOPzilla!
2008-03-06 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-24 21:41 --------- d-----w C:\Documents and Settings\Andrea\Application Data\AdobeUM
2008-02-21 02:40 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-27 00:49 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-10-16 21:39 70,584 ----a-w C:\Documents and Settings\Andrea\Application Data\GDIPFONTCACHEV1.DAT
2004-01-15 07:34 259,539,966 ----a-w C:\Program Files\Microsoft Office XP Publisher 2003.zip
2001-04-04 23:11 1,499,904 ----a-r C:\Program Files\INSTMSIW.EXE
2001-04-04 23:11 1,489,152 ----a-r C:\Program Files\INSTMSI.EXE
2001-04-03 01:50 29 ----a-r C:\Program Files\cd-key.txt
2001-03-02 05:38 3,485,184 ----a-r C:\Program Files\PROPLUS.MSI
2001-03-02 05:35 306,688 ----a-r C:\Program Files\OWC10.MSI
2001-03-01 20:35 224,771,818 ---ha-r C:\Program Files\OFFICE1.CAB
2001-02-21 18:18 7,929 ----a-r C:\Program Files\README.HTM
2007-05-08 01:44 88 --sh--r C:\WINDOWS\system32\A6CCDDAAF9.sys
2007-07-17 00:28 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 19:13:10 479232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 14:08:08 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 14:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-06-17 07:56 139264 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-01-18 18:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-01-18 18:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-01-18 18:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 12:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-14 20:51 7323648 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-02-10 18:17 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 WMP11;Instant Wireless PCI Card Driver;C:\WINDOWS\system32\DRIVERS\WMP11NDS.sys [2002-05-16 12:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb85b0f0-91bf-11db-b8bd-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 06:17:36 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-14 07:00:01 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot.AndreaVRuns SpywareBot to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 19:24:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 19:25:16
ComboFix-quarantined-files.txt 2008-03-14 23:25:13
ComboFix2.txt 2008-03-14 23:14:40
.
2008-03-12 07:01:35 --- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 14, 2008 11:32:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630518
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 119211
Number of viruses found: 3
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:53:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{0B63F910-A41B-4128-B63A-AB6CE9AA9B40}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{43536C87-3A5B-4166-A5EE-405891E48EAC}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{6F305B5C-657D-43D9-BFB6-F81ECE2BB738}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-29f5a32d/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-29f5a32d ZIP: infected - 1 skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-14a8144e/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-14a8144e ZIP: infected - 1 skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-5770d7c5.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-5770d7c5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6d061619.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6d061619.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Andrea\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andrea\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\McAfee.com\Agent\mpfpinst.exe/WISE0032.BIN/MpfService.exe Infected: Backdoor.Win32.IRCBot.gen skipped
C:\Program Files\McAfee.com\Agent\mpfpinst.exe/WISE0032.BIN Infected: Backdoor.Win32.IRCBot.gen skipped
C:\Program Files\McAfee.com\Agent\mpfpinst.exe WiseSFX: infected - 2 skipped
C:\Program Files\McAfee.com\Agent\mpfpinst.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP499\A0026147.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.i skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP581\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A1BBD917-177E-4327-ADF9-B3B0B2A36118}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_0pZlSnC6sxO8DhX Object is locked skipped
C:\WINDOWS\Temp\mcafee_mjwwZbcmcZJ79z4 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_acSXVrM7dA4Jh16 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_BBErGw0wD8ecTMS Object is locked skipped
C:\WINDOWS\Temp\mcmsc_IvsKl4TwabcxHj4 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_OB5Rs5Q0vxAX6nD Object is locked skipped
C:\WINDOWS\Temp\mcmsc_w4kJ6At1vaCDsEx Object is locked skipped
C:\WINDOWS\Temp\mcmsc_YeTf9aKoDAD1Iwb Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_674.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_ERvkkKmgto7ZGhC Object is locked skipped
C:\WINDOWS\Temp\sqlite_NC4SYYrGhpujodP Object is locked skipped
C:\WINDOWS\Temp\sqlite_QnnbfYQwQ2VZy6o Object is locked skipped
C:\WINDOWS\Temp\sqlite_ydyLFN6t8N6h3O3 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#8
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:29 AM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...s...33&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by116fd.bay11...ex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9062 bytes
  • 0

#9
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey Andrea,

Don't worry about the MBAM log remainder, looks like it deleted a lot of files from quarantined folders.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-29f5a32d
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-14a8144e
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-5770d7c5.zip
C:\Documents and Settings\Andrea\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6d061619.zip
C:\Program Files\McAfee.com\Agent\mpfpinst.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

FileLook::
C:\WINDOWS\system32\A6CCDDAAF9.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

And let me know how your computer is behaving now.

Regards,
RatHat
  • 0

#10
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

Advertisements


#11
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I'm sorry, I tried to get a second combofix log, but it wouldn't save. :) I'm not sure it will give the same info if I try again. Here is the new HJT log anyway. Thanks so much for your help! Also, my system seems to be much better, no redirecting at all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:12 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...s...33&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by116fd.bay11...ex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8830 bytes

Edited by ravencelt, 18 March 2008 - 09:34 PM.

  • 0

#12
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

You are looking clean, but I would like to make sure.

Please run Deckard's System Scanner (DSS) again. This time it will only produce a single Notepad file; main.txt, please copy and paste the contents in your next reply.
Note:A copy of this file can be found in you root drive, usually C:\Deckard\System Scanner\main.txt

Regards,
RatHat
  • 0

#13
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Deckard's System Scanner v20071014.68
Run by Andrea on 2008-03-20 18:54:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Andrea.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:38 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\RPYMR29B\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrea.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...s...33&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by116fd.bay11...ex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8872 bytes

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-14 20:49:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-14 20:49:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-14 19:27:34 0 d-------- C:\Documents and Settings\Andrea\Application Data\Malwarebytes
2008-03-14 19:27:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-14 19:27:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-14 19:10:45 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-14 19:10:45 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-14 19:10:45 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-14 19:10:45 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-12 20:08:28 0 d-------- C:\Program Files\Netflix
2008-03-12 17:43:00 686630 --a------ C:\dss.exe
2008-03-06 17:06:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-06 17:00:52 0 d-------- C:\Documents and Settings\Andrea\Application Data\Grisoft
2008-03-06 17:00:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 21:47:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-05 20:31:02 0 d-------- C:\Program Files\LimeWire
2008-03-05 20:29:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-05 20:29:09 0 d-------- C:\Program Files\Common Files\iS3


-- Find3M Report ---------------------------------------------------------------

2008-03-17 17:04:11 0 d-------- C:\Documents and Settings\Andrea\Application Data\LimeWire
2008-03-07 23:50:49 0 d-------- C:\Program Files\Java
2008-03-06 17:39:28 0 d-------- C:\Program Files\McAfee
2008-03-05 21:41:27 0 d-------- C:\Program Files\Canon
2008-03-05 21:40:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-05 21:39:29 0 d-------- C:\Program Files\STOPzilla!
2008-03-05 20:29:09 0 d-------- C:\Program Files\Common Files
2008-02-24 17:41:15 0 d-------- C:\Documents and Settings\Andrea\Application Data\AdobeUM
2007-12-26 20:50:08 268 -r-h----- C:\Documents and Settings\Andrea\Application Data\Frameworks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 06:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/14/2005 08:51 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 03:22 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [5/15/2007 7:13:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 2:08:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb85b0f0-91bf-11db-b8bd-00038a000015}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-03-20 18:55:01 ------------
  • 0

#14
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey there,

OK! Well done, your log is clean again! :)

The first thing we need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Click Here to download OTCleanIt
Double-click OTCleanIt.exe to run it.
Click the Clean up button
Click Yes to the reboot.

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, lets reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

Reset Hidden/System Files & Folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest.Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java ™ 6 Update 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy compliment each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0

#15
ravencelt

ravencelt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Okay! Thanks so much for your time and patience with this, and all the great help! :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP