Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Annoying "fake" spyware warning screensaver [RESOLVED]

Started by Wakye , Jun 02 2008 11:32 PM

  • This topic is locked This topic is locked

#1
Wakye
Posted 02 June 2008 - 11:32 PM

Wakye

    New Member

  • Member
  • Pip
  • 5 posts
Seems I've contracted a malware bug that's installed a blue desktop screensaver stating: "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."

I've used Ad-Aware 2008, Malwarebytes' Anti-malware, and Norton, but haven't gotten rid of it.

I've attached my OTScanIt file to this post. Any help would be appreciated.

Attached File  OTScanIt.Txt   171.61KB   87 downloads
  • 0

Advertisements

#2
Rorschach112
Posted 03 June 2008 - 07:39 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Read the Sticky Thread and post the required logs
  • 0

#3
Wakye
Posted 03 June 2008 - 11:26 AM

Wakye

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the log from HiJackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:47 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [lphcg12j0e9eb] C:\WINDOWS\system32\lphcg12j0e9eb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9090 bytes


This is the log from ActiveScan:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-06-03 10:14:38
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Norton Internet Security 2005 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.com.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.pointroll.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.zedo.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Cookies\oludare ogunyemi@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.target.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Oludare Ogunyemi\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9svgyyhi.default\cookies.txt[.ads.addynamix.com/]
03008451 Application/AdvancedXPFixer HackTools No 0 No No C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Temp\.tt40D.tmp[²ºÇSkin.dll]
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location T
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description T
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


Here is my uninstall list:

Abexo Free Registry Cleaner
Abexo Registry Cleaner
AC3Filter (remove only)
Ad-Aware
Adobe Reader 7.0.9
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitComet 0.56
Bluetooth by hp
CC_ccProxyExt
ccCommon
ccPxyCore
Combined Community Codec Pack 2006-07-22 (Remove Only)
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
CoreAVC Pro 1.5.0.0
DivX Codec
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HP Deskjet 3840
HP Help and Support
HP Software Update
HP Wireless Assistant 1.01 A2
InterActual Player
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2005
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Mozilla Firefox (2.0.0.14)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.0 - SE
Nikon Message Center
Nikon Transfer
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Panda ActiveScan 2.0
Picasa 2
Quick Launch Buttons 5.10 A2
Real Alternative 1.48
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SPBBC
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VideoLAN VLC media player 0.8.5
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Hotfix - KB893086
WinRAR archiver
XviD MPEG-4 Video Codec
Zone Deluxe Games


Let me know if anything else is needed.
  • 0

#4
Rorschach112
Posted 03 June 2008 - 11:31 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> lphcg12j0e9eb -> %SystemRoot%\system32\lphcg12j0e9eb.exe [C:\WINDOWS\system32\lphcg12j0e9eb.exe]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-874821710-2553266171-231575025-1006\] > -> HKEY_USERS\S-1-5-21-874821710-2553266171-231575025-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015]
[Files/Folders - Created Within 90 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> phcg12j0e9eb.bmp -> %SystemRoot%\System32\phcg12j0e9eb.bmp
[Files/Folders - Modified Within 90 days]
NY -> jre-6u2-windows-i586-p-iftw_7070c3f7.exe -> C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Temp\jre-6u2-windows-i586-p-iftw_7070c3f7.exe
NY -> jre-6u3-windows-i586-p-iftw_2cd32978.exe -> C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.





Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Also post a new HijackThis log
  • 0

#5
Wakye
Posted 03 June 2008 - 03:58 PM

Wakye

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Looks like the my screen saver's back to normal. Here are the logs you requested.

OTScanIt Fix Log:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcg12j0e9eb not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461CC20B-FB6E-4f16-8FE8-C29359DB100E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry value HKEY_USERS\S-1-5-21-874821710-2553266171-231575025-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461CC20B-FB6E-4f16-8FE8-C29359DB100E}\ not found.
Registry value HKEY_USERS\S-1-5-21-874821710-2553266171-231575025-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
[Files/Folders - Created Within 90 days]
C:\WINDOWS\System32\phcg12j0e9eb.bmp moved successfully.
[Files/Folders - Modified Within 90 days]
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Temp\jre-6u2-windows-i586-p-iftw_7070c3f7.exe moved successfully.
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.10 fix logfile created on 06032008_112124

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Mozilla\Firefox\Profiles\42v931ix.default\Cache\_CACHE_MAP_ moved successfully.




Kaspersky My Computer Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 03, 2008 2:48:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 826461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52961
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:08:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0310\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-06-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\History\History.IE5\MSHist012008060320080604\index.dat Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Oludare Ogunyemi\ntuser.dat.LOG Object is locked skipped
C:\downloads\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\downloads\mirc614.exe mIRC: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Hp\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F09528D2-0C7C-4CA7-B112-B2C6856F585B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Kaspersky Critical System scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 03, 2008 1:38:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 826461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\OLUDAR~1\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 14834
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:10:12

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F09528D2-0C7C-4CA7-B112-B2C6856F585B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Here's the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:55 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8793 bytes


Thanks again for the help.
  • 0

#6
Rorschach112
Posted 03 June 2008 - 04:19 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "C:\downloads">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears
  • 0

#7
Wakye
Posted 03 June 2008 - 05:34 PM

Wakye

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the log file:

Volume in drive C has no label.
Volume Serial Number is 16E4-C209

Directory of C:\downloads

06/03/2008 10:18 AM <DIR> .
06/03/2008 10:18 AM <DIR> ..
06/02/2008 05:52 PM 19,153,264 aaw2008.exe
09/11/2006 04:41 PM 2,855,080 aawsepersonal.exe
07/12/2005 07:55 PM 443,774 ac3filter_1_01a_rc5.exe
06/03/2008 09:04 AM 172,968 activescan2_en.exe
11/25/2004 09:23 PM 1,688,539 BitComet_0.56[www.click-now.net].exe
08/24/2007 07:39 PM 4,862,464 BitComet_0.91_setup.exe
07/12/2005 10:44 AM 2,689,179 bsplayer132.820.exe
07/25/2006 07:52 AM 5,853,101 Combined-Community-Codec-Pack-2006-07-22.exe
09/04/2007 05:58 PM 475,302 coreavc1500.exe
05/06/2003 09:35 PM 3,328,641 DivX505Bundle.exe
08/21/2005 06:40 AM 4,876,472 Firefox Setup 1.0.6.exe
11/29/2004 03:20 PM 1,279,583 FlashFXP_2_Setup-nohelp.exe
06/03/2008 10:16 AM 812,344 HJTInstall.exe
11/17/2006 10:24 PM 1,410,680 install_flash_player.exe
11/08/2007 01:20 PM 22,540 M-1H8SV72eNL[1].avi.torrent
11/26/2007 11:08 PM 30,477 M-98HHmIVPHL[1].torrent
09/11/2007 08:19 PM 32,134 M-TJWGiP8cuf[1].torrent
06/02/2008 09:20 PM 1,756,760 mbam-setup.exe
04/27/2004 02:55 AM 1,290,240 mirc614.exe
07/12/2005 10:53 AM 2,003,969 mpc2kxp6484.zip
06/02/2008 08:13 PM 544,627 OTScanIt.exe
07/12/2005 10:50 AM 8,274,695 vlc-0.8.2-win32.exe
05/31/2006 06:04 PM 8,282,187 vlc-0.8.5-win32.exe
09/18/2005 04:57 PM 1,026,632 winamp51_lite.exe
10/20/2002 11:21 PM 770,048 winmx331.exe
07/12/2005 10:47 AM 1,163,643 wrar342.exe
07/12/2005 10:48 AM 635,569 XviD-1.0.3-20122004.exe
12/26/1999 01:17 PM 83,968 Zidrav.exe
28 File(s) 75,818,880 bytes
2 Dir(s) 41,855,836,160 bytes free
  • 0

#8
Rorschach112
Posted 03 June 2008 - 05:50 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTScanIt.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#9
Wakye
Posted 03 June 2008 - 06:05 PM

Wakye

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for all your assistance. It's greatly appreciated.
  • 0

#10
Rorschach112
Posted 03 June 2008 - 06:07 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP