Followed "must read this" instructions, still have a problem



#1
CompooterDummy

I followed all the instructions in the "You Must Read This" file with the exception of running Panda. When I tried to download it, Avast flagged a virus file and automatically disconnected me from the site. When I posted a message to this effect, I noticed under "related posts" a similar problem where someone was directed to use Kaspersky and DSS instead, so I used those instead. I tried to upload the logs but it wouldn't allow an upload of some, so I'm pasting the text here. One of the programs, I think it was DSS, was supposed to create two logs but it only created the main log. Anyway, here are the logs and thanks in advance for any help you can give.

Malware Byte Log
Malwarebytes' Anti-Malware 1.12
Database version: 744

Scan type: Quick Scan
Objects scanned: 29898
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\CPUSH (Adware.CPush) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\CPUSH\cpush.dll (Adware.CPush) -> Quarantined and deleted successfully.
C:\WINNT\system32\smss.ini (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



Super Antispyware Scan Log
SUPERAntiSpyware Scan Log
Generated 05/13/2008 at 11:01 AM

Application Version : 3.6.1000

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Complete Scan
Total Scan Time : 00:44:59

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 3307
Registry threats detected : 0
File items scanned : 13145
File threats detected : 3

Unclassified.Oreans32
C:\WINNT\SYSTEM32\DRIVERS\OREANS32.SYS

Trojan.Explorers
C:\WINNT\SYSTEM32\EXPLORERS.EXE

Trojan.SpooISV
C:\WINNT\SYSTEM32\SPOOISV.EXE



Kaspersky
2008-05-13 14:45
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 770742
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 13765
Number of viruses found 7
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:27:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\history.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\key3.db Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Application Data\Mozilla\Firefox\Profiles\spulu7g9.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Temp\~DF3EDE.tmp Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Temp\~DF4BD9.tmp Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Temp\~DFF54.tmp Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jo Ann Christinese\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\PeoplePC Accelerated\logs\output_Jo Ann Christinese.log Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\benchmark.dat Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\20\fe20 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\activeDomains Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\b7\ebb7 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\c1\b0c1 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\c8\76c8 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\e1\9be1 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\codescache\nonactiveDomains Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\http_cache\HEADERS\_0000_1 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\http_cache\HEADERS\_0000_2 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\http_cache\_0000_1 Object is locked skipped
C:\Program Files\PeoplePC Accelerated\TEMP\http_cache\_0000_2 Object is locked skipped
C:\Recycle\smsn.exe Infected: Trojan.Win32.Delf.bzy skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/1062.exe Infected: IRC-Worm.Win32.Delf.bd skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/ad7285.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.aai skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/ad7285.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.aai skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/ad7285.exe Infected: not-a-virus:AdWare.Win32.BHO.aai skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/0.exe/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.frd skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/0.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.frd skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/0.exe/stream Infected: not-a-virus:AdWare.Win32.Cinmus.frd skipped
C:\WINNT\IireFoxUpdater.exe/data.rar/0.exe Infected: not-a-virus:AdWare.Win32.Cinmus.frd skipped
C:\WINNT\IireFoxUpdater.exe/data.rar Infected: not-a-virus:AdWare.Win32.Cinmus.frd skipped
C:\WINNT\IireFoxUpdater.exe RarSFX: infected - 9 skipped
C:\WINNT\ModemLog_Motorola SM56 Speakerphone Modem.txt Object is locked skipped
C:\WINNT\run.vbs Infected: Trojan-Downloader.VBS.Small.gg skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\Antivirus.Evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\ddd.exe/_main.pl Infected: DoS.Perl.BBDoS.c skipped
C:\WINNT\system32\ddd.exe Perl2Exe: infected - 1 skipped
C:\WINNT\system32\Perflib_Perfdata_200.dat Object is locked skipped
C:\WINNT\system32\psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.c skipped
C:\WINNT\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.



DSS Main log
Deckard's System Scanner v20071014.68
Run by Jo Ann Christinese on 2008-05-13 14:50:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (256 MiB recommended).


-- HijackThis (run as Jo Ann Christinese.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50, on 2008-05-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Recycle\smsn.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\lxczcoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\Recycled\svchose.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PeoplePC\ISP6500\Browser\Bartshel.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\PeoplePC\ISP6500\Browser\PPShared.exe
C:\Program Files\PeoplePC\ISP6500\Browser\Bartshel.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Jo Ann Christinese\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOANNC~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6500\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207048643546
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:\Recycle\smsn.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: lxcz_device - - C:\WINNT\system32\lxczcoms.exe
O23 - Service: Window Event Server (windowneters) - Unknown owner - c:\Recycled\svchose.exe

--
End of file - 4421 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 12:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-13 12:40:05 0 d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-13 12:06:09 0 d-------- C:\Program Files\Panda Security
2008-05-13 11:08:38 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_200.dat
2008-05-13 10:56:27 0 d-------- C:\Recycle
2008-05-13 10:03:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-13 10:03:38 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-13 10:03:38 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\SUPERAntiSpyware.com
2008-05-13 10:02:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 09:30:22 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\Malwarebytes
2008-05-13 09:30:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-13 09:30:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 09:29:21 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-13 08:59:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f0.dat
2008-05-12 17:19:46 0 d-------- C:\Program Files\SpywareDetector
2008-05-10 22:02:56 655360 --a------ C:\Documents and Settings\Jo Ann Christinese\NTUSER.DAT
2008-05-10 19:57:06 0 d-------- C:\WINNT\MaxSecureBackup
2008-05-10 19:55:58 123 --a------ C:\WINNT\system\SYSRegC.dll
2008-05-10 19:55:52 143360 --a------ C:\WINNT\system32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
2008-05-10 19:55:50 0 d-------- C:\Program Files\Max Registry Cleaner
2008-04-14 12:29:51 0 d-------- C:\temp


-- Find3M Report ---------------------------------------------------------------

2008-05-13 12:06:10 2566 --a------ C:\WINNT\mozver.dat
2008-05-13 10:02:58 0 d-a------ C:\Program Files\Common Files
2008-05-12 21:24:19 830358 ---h----- C:\WINNT\ShellIconCache
2008-05-10 20:47:06 0 d-------- C:\Program Files\Computer Clean Up Tools
2008-04-18 19:42:56 521517 --a------ C:\WINNT\IireFoxUpdater.exe
2008-04-16 21:21:23 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\AdobeUM
2008-04-11 23:21:42 3 --a------ C:\WINNT\system32\iphy.dll
2008-04-11 22:48:06 434176 --a------ C:\WINNT\system32\IPHOST.dll
2008-04-07 21:53:19 0 --a------ C:\WINNT\system32\fiplock.dll
2008-04-06 10:04:04 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\FaxCtr
2008-04-05 16:27:33 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-04-05 16:27:22 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-04-05 16:25:52 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-04 16:41:19 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\Talkback
2008-04-04 16:40:48 0 --a------ C:\WINNT\nsreg.dat
2008-04-04 16:40:42 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\Mozilla
2008-04-04 15:31:12 0 d-------- C:\Program Files\SpywareBlaster
2008-04-03 16:05:06 0 d-------- C:\Program Files\Trend Micro
2008-04-03 12:48:56 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2008-04-01 21:17:01 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\Help
2008-04-01 20:20:39 0 d-------- C:\Program Files\Alwil Software
2008-04-01 17:33:21 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\Macromedia
2008-04-01 17:19:42 0 d-------- C:\Program Files\PeoplePC Accelerated
2008-04-01 17:04:01 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\ScamBlocker
2008-04-01 17:00:15 0 d-------- C:\Program Files\PeoplePC
2008-04-01 16:59:52 0 d-------- C:\Program Files\Common Files\PeoplePC
2008-04-01 07:07:18 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-04-01 07:07:18 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-04-01 05:41:56 0 d-------- C:\Program Files\Windows NT
2008-04-01 05:04:39 0 d-------- C:\Documents and Settings\Jo Ann Christinese\Application Data\Identities
2008-04-01 04:48:47 0 d-------- C:\Program Files\microsoft frontpage
2008-04-01 04:47:51 0 -rahs---- C:\MSDOS.SYS
2008-04-01 04:47:51 0 -rahs---- C:\IO.SYS
2008-04-01 04:47:51 0 ---h----- C:\CONFIG.SYS
2008-04-01 04:47:51 0 ---h----- C:\AUTOEXEC.BAT
2008-04-01 04:45:55 15012 --a------ C:\WINNT\system32\emptyregdb.dat
2008-04-01 04:45:05 0 d-ah----- C:\Program Files\WindowsUpdate
2008-04-01 04:44:36 0 d-------- C:\Program Files\Accessories
2008-03-31 21:04:29 0 d-a------ C:\Program Files\Common Files\ODBC


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
08-04-02 09:39 237056 --a------ c:\program files\peoplepc\toolbar\ppctoolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= c:\program files\peoplepc\toolbar\ppctoolbar.dll [08-04-02 09:39 237056]

[-HKEY_CLASSES_ROOT\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_CLASSES_ROOT\PeoplePC.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[HKEY_CLASSES_ROOT\PeoplePC.Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\system32\mobsync.exe]
"SMSERIAL"="sm56hlpr.exe" [03-10-07 20:15 C:\WINNT\sm56hlpr.exe]
"Bart Station"="C:\Program Files\PeoplePC\ISP6500\BIN\PPCOLink.exe" [07-03-12 16:11 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [08-05-12 10:39 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-02-27 11:39 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Jo Ann Christinese\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-05-13 14:51:47 ------------



HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04, on 2008-05-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Recycle\smsn.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\lxczcoms.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\Recycled\svchose.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PeoplePC\ISP6500\Browser\Bartshel.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\PeoplePC\ISP6500\Browser\PPShared.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\notepad.exe
C:\Program Files\PeoplePC\ISP6500\Browser\Bartshel.exe
C:\Program Files\PeoplePC Accelerated\PeoplePC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6500\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207048643546
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCEE0E6D-41E2-4091-892A-314B23E8F5C6}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Windows Audio Server (Audios) - Unknown owner - c:\Recycle\smsn.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: lxcz_device - - C:\WINNT\system32\lxczcoms.exe
O23 - Service: Window Event Server (windowneters) - Unknown owner - c:\Recycled\svchose.exe

--
End of file - 5005 bytes


HiJack This Uninstall Log
Adobe Flash Player ActiveX
avast! Antivirus
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
Internet Explorer Q903235
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Mozilla Firefox (2.0.0.14)
PeoplePC Online
PeoplePC:PeoplePal Toolbar 6.5
Security Update for DirectX 9 (KB941568)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
SUPERAntiSpyware Free Edition
Update Rollup 1 for Windows 2000 SP4
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944533
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
