Can't shake Dr. Watson! [RESOLVED]


  • This topic is locked This topic is locked

#1
Jason Ortiz

    New Member

  • Member
  • 3 posts
I've tried all of the things recommended in the "You Must Read This First" post. I still can't seem to shake this DrWatson error message. It only seems to happen when I go into my shared folder and try to watch the "Hellraiser" movie I downloaded from mininova. I use "µTorrent" all the time to download torrent files. I don't know if that helps, but someone asked about what bittorrent client was being used in another post. I have four different logs to post, so I'll get right to it.


HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:13 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1174451133709
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6456 bytes


MALWAREBYTES LOG:


Malwarebytes' Anti-Malware 1.11
Database version: 663

Scan type: Quick Scan
Objects scanned: 40482
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\mpcodecplg.dll (Adware.WebDir) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> No action taken.

Files Infected:
C:\WINDOWS\mpcodecplg.dll (Adware.WebDir) -> No action taken.


SUPERANTISPYWARE LOG:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/21/2008 at 00:07 AM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:46:48

Memory items scanned : 370
Memory threats detected : 0
Registry items scanned : 5581
Registry threats detected : 2
File items scanned : 19147
File threats detected : 84

Adware.Tracking Cookie

Adware.ClickSpring
HKLM\Software\ClickSpring


ACTIVESCAN LOG:


;*******************************************************************************
ANALYSIS: 2008-04-21 08:34:39
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@doubleclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@fastclick[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@findwhat[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@azjmp[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@apmebf[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\[email protected][3].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@realmedia[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@zedo[2].txt
00182314 adware/diytoolbar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28E0FA88-ABA8-4937-A247-3031F1A11165}
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@adrevolver[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Michele Cooper\Cookies\michele_cooper@target[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Jason Ortiz\Cookies\jason_ortiz@enhance[2].txt
02900227 Java/Downloader.SNS Virus/Trojan No 1 Yes No C:\Documents and Settings\Jason Ortiz\Local Settings\Temp\jar_cache43394.tmp[VaaaaaaaBaa.class]
02900228 Java/Downloader.SNS Virus/Trojan No 1 Yes No C:\Documents and Settings\Jason Ortiz\Local Settings\Temp\jar_cache43394.tmp[Dvnny.class]
02900230 Java/Downloader.SNS Virus/Trojan No 1 Yes No C:\Documents and Settings\Jason Ortiz\Local Settings\Temp\jar_cache43394.tmp[Dix.class]
02900231 Java/Downloader.SNS Virus/Trojan No 1 Yes No C:\Documents and Settings\Jason Ortiz\Local Settings\Temp\jar_cache43394.tmp[Dex.class]
02900232 Java/Downloader.SNS Virus/Trojan No 1 Yes No C:\Documents and Settings\Jason Ortiz\Local Settings\Temp\jar_cache43394.tmp[BaaaaBaa.class]
02900233 Java/Downloader.SNS Virus/Trojan No 1 Yes No C:\Documents and Settings\Jason Ortiz\Local Settings\Temp\jar_cache43394.tmp[Baaaaa.class]
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
120815 HIGH MS06-022
;===============================================================================


END OF LOGS.


Ok, so I think that's everything. Holy crap, that's a lot of information! If someone could please take a look and tell me what to do, it would be greatly appreciated. I know that's a lot of info to go over, so I'm not expecting a response right away. Thank you.

Edited by Jason Ortiz, 21 April 2008 - 10:08 AM.

  • 0


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

It's probably one of your codecs causing that problem. Have seen this happen a lot.....

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\ClickSpring]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28E0FA88-ABA8-4937-A247-3031F1A11165}]


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Go to My Computer->Tools->Folder Options->View and check 'Show hidden files and folders' and uncheck 'Hide protected operating system files'. Go to your c: drive. Right click on the boot.ini file and go to Properties. Uncheck the box that says Read-only and click OK. Then double click on the boot.ini file to open it. Change the line that says /NoExecute=OptIn and change it to /NoExecute=AlwaysOff. Now save the file and close it.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\mpcodecplg.dll

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0
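Added example, not a tool from the thread or from Geeks to Go: a small Python script that cross-references the HijackThis O2/O4 entries with the Malwarebytes detections posted above, matching on file path and CLSID. This is the check behind the helper's pick: the CDLPObj BHO (C:\WINDOWS\mpcodecplg.dll) is the one HijackThis entry whose path and CLSID both appear in the Malwarebytes log. The log excerpts are constructed from the thread's own logs, trimmed to the relevant lines.

```python
"""Correlate HijackThis entries with Malwarebytes detections (added example)."""
import re

# Constructed excerpt of the HijackThis log (entries taken from the thread).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
"""

# Constructed excerpt of the Malwarebytes log (detections taken from the thread).
MBAM_LOG = r"""
C:\WINDOWS\mpcodecplg.dll (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> No action taken.
C:\Program Files\Helper (Adware.BHO) -> No action taken.
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def command_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted: cut at the first switch ("/x" or "-x") if there is one.
    return re.split(r" [/-]", cmd, maxsplit=1)[0]


def parse_hjt(text: str) -> list:
    """Return O2 (BHO) and O4 (Run key) entries as dicts with a path and CLSID."""
    entries = []
    for line in text.splitlines():
        if m := O2_RE.match(line):
            entries.append({"kind": "O2", "name": m["name"], "clsid": m["clsid"], "path": m["path"]})
        elif m := O4_RE.match(line):
            entries.append({"kind": "O4", "name": m["name"], "clsid": "", "path": command_path(m["cmd"])})
    return entries


def parse_mbam(text: str) -> dict:
    """Index Malwarebytes detections by lower-cased file path and by CLSID."""
    by_path, by_clsid = {}, {}
    for line in text.splitlines():
        m = MBAM_RE.match(line)
        if not m:
            continue
        item, family = m["item"], m["family"]
        if re.match(r"^[A-Za-z]:\\", item):
            by_path[item.lower()] = family
        for clsid in CLSID_RE.findall(item):
            by_clsid[clsid.lower()] = family
    return {"path": by_path, "clsid": by_clsid}


def correlate(hjt_text: str, mbam_text: str) -> list:
    """Return the HijackThis entries whose path or CLSID Malwarebytes flagged."""
    mbam = parse_mbam(mbam_text)
    hits = []
    for e in parse_hjt(hjt_text):
        reasons = []
        if fam := mbam["path"].get(e["path"].lower()):
            reasons.append(f"path -> {fam}")
        if e["clsid"] and (fam := mbam["clsid"].get(e["clsid"].lower())):
            reasons.append(f"clsid -> {fam}")
        if reasons:
            hits.append({**e, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for h in correlate(HJT_LOG, MBAM_LOG):
        print(f'{h["kind"]} {h["name"]}: {"; ".join(h["reasons"])}')
```

Entries that match only on one key (for example an O4 line whose executable lives in a folder Malwarebytes flagged) still surface, which is the case to look at next when a scan log and a HijackThis log disagree.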

#3
Jason Ortiz

    New Member

  • Topic Starter
  • Member
  • 3 posts
A thousand thank yous, kind sir! So I'm able to zip around my computer again without the dreaded Dr. Watson freezing me up. Ok, so I did everything suggested, except for the Combo Fix part. I'm working fine now, but is that a step I should still proceed with? It sounded a little dangerous, as I really don't know too much about computers. But if you still recommend it, I'll proceed. And once again, your help has been greatly appreciated. What a website you guys got here!
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. I saw a malware file and wanted to take a closer look to be sure. If you are worried about running this, I guess we can leave it alone since the direct issue is resolved. If you want to let it be, go to Start->Run and copy/paste in combofix /u to remove it.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, post back one more time to confirm and you should be set to go.
  • 0

#5
Jason Ortiz

    New Member

  • Topic Starter
  • Member
  • 3 posts
Yeah, everything's working splendidly now, so I think I'm just gonna leave well enough alone. Again, thanks so much for the help, it is truly appreciated! Take care, and don't take offense, but I hope we won't have to talk here again in the future!
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0