Troj Win32.Qhost.r & Troj.JS.Redirector.b [RESOLVED]


#61
SHILORAVINN
Member, Topic Starter, 44 posts

Hi Stamper!

So you ARE leaving me hanging?! LOL Just kidding. Before I move on, there are all kinds of screwy things going on now with this computer!!! I can't log on to my banking site, when I just typed in geekstogo into the address bar, it had a little ebay icon before the address, I use msn as my home page and now before that address it has a zl icon thingy. WTH!!! I can't click on lots of different links, well I can, but nothing happens. Now when I am replying, I can't see the little emoticons that were on the left of my screen, I could not click on quick reply. What is going on, have I been hijacked?! Thanks dude for all of your help!!
  • 0


#62
Stamper19
Expert, 1,992 posts

So you ARE leaving me hanging?! LOL Just kidding.

Never! Just want to make sure you are getting the right help for the right problems :)

That said, what you are describing does sound a little bit malware-ish. Let's do this. Run the ComboFix instructions from my previous post - that will get things cleaned up a bit. Then do the following. Let's have one more look at the logs to see if anything is showing up now.

Please download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.
  • 0

#63
SHILORAVINN
Member, Topic Starter, 44 posts

Hi Stamper!

I "think" I might have the browser part fixed - when I brought up a new IE, it said welcome to IE 7 and asked me to set some preferences. My husband ignored this prompt last night when he saw it, and the browser would not work properly without setting the preferences first. So now, it looks ok and I've been able to go to the sites that I could not last night. (IE7 must have downloaded via auto updates)

Next, I tried to do the ComboFix/u and I got this error message: Windows can not find ComboFix/u make sure you typed name correctly, and try again. To search for a file, click start, search.

I KNOW it is on here, I ran it right after that error message. Also, I went ahead and ran DSS and it only generated the main txt log, not the extra one. So I am posting what it gave me.

Deckard's System Scanner v20071014.68
Run by TEST on 2008-04-02 13:05:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis (run as TEST.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:32 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEST\Desktop\dss.exe
C:\DOCUME~1\TEST\Desktop\TEST.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....?linkid=4239037
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/...geUploader4.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/...geUploader3.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7748 bytes

-- Files created between 2008-03-02 and 2008-04-02 -----------------------------

2008-03-31 18:54:03 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\Macromedia
2008-03-31 16:56:17 0 dr-h---c- C:\Documents and Settings\STAMPER19\Application Data\yahoo!
2008-03-31 16:55:37 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\Google
2008-03-31 16:54:51 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\AVG7
2008-03-31 16:54:37 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\Grisoft
2008-03-31 16:54:26 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\Real
2008-03-31 16:52:17 0 dr-----c- C:\Documents and Settings\STAMPER19\Favorites
2008-03-31 16:52:17 0 d------c- C:\Documents and Settings\STAMPER19\Desktop
2008-03-31 16:52:17 0 d--hs--c- C:\Documents and Settings\STAMPER19\Cookies
2008-03-31 16:52:17 0 dr-h---c- C:\Documents and Settings\STAMPER19\Application Data
2008-03-31 16:52:17 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\Symantec
2008-03-31 16:52:17 0 d---s--c- C:\Documents and Settings\STAMPER19\Application Data\Microsoft
2008-03-31 16:52:17 0 d------c- C:\Documents and Settings\STAMPER19\Application Data\Identities
2008-03-31 16:52:16 0 d--h---c- C:\Documents and Settings\STAMPER19\Templates
2008-03-31 16:52:16 0 dr-----c- C:\Documents and Settings\STAMPER19\Start Menu
2008-03-31 16:52:16 0 dr-h---c- C:\Documents and Settings\STAMPER19\SendTo
2008-03-31 16:52:16 0 dr-h---c- C:\Documents and Settings\STAMPER19\Recent
2008-03-31 16:52:16 0 d--h---c- C:\Documents and Settings\STAMPER19\PrintHood
2008-03-31 16:52:16 0 d--h---c- C:\Documents and Settings\STAMPER19\NetHood
2008-03-31 16:52:16 0 dr-----c- C:\Documents and Settings\STAMPER19\My Documents
2008-03-31 16:52:16 0 d--h---c- C:\Documents and Settings\STAMPER19\Local Settings
2008-03-31 16:52:15 0 d------c- C:\Documents and Settings\STAMPER19\WINDOWS
2008-03-31 16:52:14 2097152 --ah----- C:\Documents and Settings\STAMPER19\NTUSER.DAT
2008-03-30 20:27:56 0 d-------- C:\Program Files\Sophos
2008-03-28 19:22:11 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-28 19:22:11 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-28 19:22:11 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-28 19:22:11 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-27 19:21:39 0 d-------- C:\WINDOWS\ERUNT
2008-03-27 18:56:17 0 d-------- C:\Documents and Settings\TEST\Application Data\AVG7
2008-03-27 18:55:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-27 18:14:11 0 d------c- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-26 22:47:21 0 d------c- C:\HostsXpert 4.2 - Hosts File Manager
2008-03-26 22:09:35 4172 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-22 21:15:08 0 d-------- C:\Documents and Settings\TEST\Application Data\Grisoft
2008-03-22 20:16:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-22 17:00:57 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-22 17:00:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 17:00:48 0 d-------- C:\Documents and Settings\TEST\Application Data\SUPERAntiSpyware.com
2008-03-22 16:59:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 01:24:35 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 01:24:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-22 01:14:23 0 d-------- C:\Documents and Settings\TEST\Application Data\Malwarebytes
2008-03-22 01:12:03 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 01:12:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-21 11:37:13 0 d-------- C:\Program Files\Shop'NCook 3.4
2008-03-21 11:36:56 0 d------c- C:\Documents and Settings\All Users\Application Data\{339435FA-E925-4791-9BFE-65E5B24DD2F3}
2008-03-20 15:56:42 23552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-20 15:56:42 63488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-06 20:30:40 0 d-------- C:\Program Files\QuickTime
2008-03-06 20:30:27 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-06 20:29:06 0 d-------- C:\Program Files\Apple Software Update
2008-03-06 20:29:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-04-02 13:00:28 0 d-------- C:\Program Files\Google
2008-04-01 23:06:27 456 --a------ C:\Documents and Settings\TEST\Application Data\SamsungLiveUpdateConfig.ini
2008-03-31 16:52:51 0 d-------- C:\Program Files\Web Publish
2008-03-28 12:04:52 0 d-------- C:\Program Files\Windows Defender
2008-03-28 12:03:53 0 d-------- C:\Program Files\palmOne
2008-03-22 16:59:56 0 d-------- C:\Program Files\Common Files
2008-03-22 01:00:24 0 d-------- C:\Program Files\Macrogaming
2008-03-21 23:44:22 1411 --a------ C:\Program Files\Solitaire.lnk <SOLITA~1.LNK>
2008-03-21 23:25:02 0 d-------- C:\Documents and Settings\TEST\Application Data\Talkback
2008-03-21 22:38:26 0 d-------- C:\Program Files\Microsoft Picture It! 2002
2008-03-21 22:14:58 0 d-------- C:\Program Files\Spyware Doctor
2008-03-17 22:45:14 0 d-------- C:\Program Files\Java
2008-03-15 16:57:24 0 d-------- C:\Documents and Settings\TEST\Application Data\ZoomBrowser EX
2008-03-14 00:40:42 0 d-------- C:\Documents and Settings\TEST\Application Data\Adobe
2008-03-14 00:35:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-16 01:00:58 0 d-------- C:\Program Files\Folder Lock
2008-02-13 02:39:56 0 d-------- C:\Program Files\Modem Helper
2008-02-13 02:39:52 0 d-------- C:\Program Files\Microsoft Money 2006
2008-02-13 00:48:08 0 d-------- C:\Program Files\Winkflash
2008-02-13 00:43:59 0 d-------- C:\Program Files\Serif
2008-02-13 00:40:41 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-07 19:38:36 0 d-------- C:\Program Files\Windows Live
2008-01-23 14:26:30 1781 --a------ C:\WINDOWS\mozver.dat
2008-01-16 01:05:50 0 --a----c- C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="D:\Setup.exe" []
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [04/05/2007 03:29 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/17/2005 09:49 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/27/2008 06:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/22/2008 11:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/22/2008 11:26 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Internet Answering Machine.lnk]
backup=C:\WINDOWS\pss\Internet Answering Machine.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SHILO^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\DELLMMKB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
ltmsg.exe 9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"Nhksrv"=2 (0x2)
"ImapiService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a727ef-36d9-11d6-b2b6-806d6172696f}]
AutoRun\command- D:\install.exe /A




-- End of Deckard's System Scanner: finished at 2008-04-02 13:06:04 ------------

Thanks so much for all of your help!!
  • 0

#64
Stamper19
Expert, 1,992 posts

Hiya Shilo,

I "think" I might have the browser part fixed - when I brought up a new IE, it said welcome to IE 7 and asked me to set some preferences. My husband ignored this prompt last night when he saw it, and the browser would not work properly without setting the preferences first. So now, it looks ok and I've been able to go to the sites that I could not last night. (IE7 must have downloaded via auto updates)

Well that is certainly good news :)

Next, I tried to do the ComboFix/u and I got this error message: Windows can not find ComboFix/u make sure you typed name correctly, and try again. To search for a file, click start, search.

Did you put a space between "ComboFix" and "/u"? If you did not, it won't work. It should read "ComboFix /u".

I KNOW it is on here, I ran it right after that error message. Also, I went ahead and ran DSS and it only generated the main txt log, not extra one. So I am posting what it gave me.

The lack of extra.txt is fine. As I suspected, the DSS log is clean, suggesting that there is no malware on the system. The new symptoms that we thought might be malware were due to a software issue (IE). So... I think at this point the best thing to do is to go ahead and post in the Windows XP forum, as it appears the issues are non-malware related. My hope is that they will be able to sort this out, provided it is a Windows or hardware issue.
  • 0
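Reading a HijackThis section the way Stamper does above is mostly pattern work: group the entries by their section code, then look first at the few patterns that tend to matter. The script below is an added example, not code from this thread or from HijackThis/DSS; it runs over entry lines copied from the posted log plus one constructed O1 line (a HOSTS redirect, the kind of change a Qhost-type infection makes) so the HOSTS check has something to catch.

```python
"""Triage a HijackThis log section: group entries by their section code and
flag the handful of patterns a helper checks first. Added example, not part
of the thread and not code from HijackThis or DSS."""
import re
from collections import Counter

# Entry lines copied from the log posted above, plus one constructed O1
# line (a hosts-file redirect) so the HOSTS check below has something to
# catch. The O1 address and hostname are placeholders, not real values.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: 10.20.30.40 www.example.invalid
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^([RFN]\d|O\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return [(code, body)] for every entry line; headers, blank lines and
    the 'Running processes' paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def section_counts(entries):
    """How many entries of each section code the log contains."""
    return dict(Counter(code for code, _ in entries))


def triage(entries):
    """Return [(code, reason, body)] for entries worth a second look."""
    flags = []
    for code, body in entries:
        if code == "O1":
            flags.append((code, "HOSTS redirect; compare with a known-good HOSTS file", body))
        if "(no file)" in body:
            flags.append((code, "orphaned entry: the target file is missing", body))
        if code == "O16":
            flags.append((code, "ActiveX control downloaded from a site; confirm you used it", body))
        if code == "O23" and "Unknown owner" in body:
            flags.append((code, "service without publisher info; verify the binary's vendor", body))
    return flags


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print(section_counts(found))
    for code, reason, body in triage(found):
        print(f"[{code}] {reason}\n    {body}")
```

On the log actually posted in this thread the O1 check finds nothing, which is consistent with Stamper's reading that the HOSTS file was no longer being tampered with.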

#65
SHILORAVINN
Member, Topic Starter, 44 posts

Hey Stamper!

As you suspected, I did miss the space after ComboFix!!! :) Oops!! I just typed in the correct way and it ran fine. I will definitely post to the other forum as you suggest.

Thank you so much for your patience and all of the help you have given me! Even though all the problems are not solved, the computer is definitely faster now and cleaner thanks to you!! :) -Shilo
  • 0

#66
Stamper19
Expert, 1,992 posts

You are very welcome, Shilo. Hopefully things get sorted out. I am including some tips below that will help in keeping your computer malware free in the future.

Cheers,
Stamper :)

----------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0
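The thread's title names Win32.Qhost, and the MVPS Hosts tip above relies on the same file: a HOSTS line that sends a name to 127.0.0.1 blocks it, while a line that sends a name to a remote address is the shape of a hijack. The script below, an added example rather than a tool from this thread or from HostsXpert, separates the two cases over a constructed HOSTS file whose domains are all placeholders.

```python
"""Audit a Windows HOSTS file for the change a hosts-file hijacker makes: a
hostname pointed at a remote address. Entries that send a name to
127.0.0.1 or 0.0.0.0 (what the MVPS HOSTS file does to ad sites) are
benign sinkholes. Added example; not part of the thread or of HostsXpert."""
import ipaddress

# Constructed HOSTS content. The 10.20.30.40 lines imitate a hijack: a
# sign-in hostname resolving somewhere other than the real service.
# Every domain here is a placeholder under .invalid, not a real site.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# MVPS-style blocking entries
127.0.0.1  ads.example-adnetwork.invalid   # sinkholed ad server
0.0.0.0    tracker.example.invalid
# hijack-style entries (constructed for this example)
10.20.30.40   login.example-bank.invalid
10.20.30.40   www.example-bank.invalid  example-bank.invalid
"""


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]); comments and blanks skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2:
            yield lineno, parts[0], parts[1:]


def classify(address):
    """'sinkhole' for loopback/unspecified addresses, 'redirect' for any
    other address, 'invalid' if it does not parse as IPv4/IPv6."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit_hosts(text):
    """Group every name mapping by what it does. The stock 'localhost' line
    is left out; everything under 'redirect' deserves a look."""
    findings = {"sinkhole": [], "redirect": [], "invalid": []}
    for lineno, address, names in parse_hosts(text):
        kind = classify(address)
        for name in names:
            if name.lower() == "localhost" and kind == "sinkhole":
                continue
            findings[kind].append((lineno, name, address))
    return findings


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for lineno, name, address in result["redirect"]:
        print(f"line {lineno}: {name} -> {address}  (not loopback: review)")
    print(f"{len(result['sinkhole'])} sinkholed names, "
          f"{len(result['invalid'])} unparseable entries")
```

On a real machine the file to read is %SystemRoot%\system32\drivers\etc\hosts; a 'localhost' line pointing anywhere but loopback also lands under 'redirect', which is the intended behaviour.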

#67
Stamper19
Expert, 1,992 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





