
Virtumonde -- stubborn bouncebackability [RESOLVED]


  • This topic is locked

#1
onine

    New Member

  • Member
  • 7 posts
Hello all -- I'm new to the forum and I am glad you are willing to share your expertise. I started getting pop-ups about a week ago - the usual gambling, soft porn etc. This coincided with a copy of PC Tools protection being offered free in a computer (I have until recently used AVG and Comodo - both free). I scanned my system and it came back with Virtumonde (there were several references to Juan and MS Juan). I deleted the offending files / reg entries and hoped that was it. But then I heard some activity from my hard disk and it started again. I ran another PC Tools scan and the files were back. Since then I've scanned my system with all kinds of progs but to no avail. At one point I got a pop-up as I was scanning!
So I've looked at the "do this" entry and followed it to the letter.
In the "remove winfix, mundo etc." entry I scanned with VundoFix but it said there were no problems. Then I tried VirtumundoBeGone and it found something. I rebooted but the problem was still there.
I did an ATF clean and created a restore point, then scanned with Malwarebytes' Anti-Malware - the log is posted below, but this is the one I did today. Yesterday's found problems and removed them.
Log

Malwarebytes' Anti-Malware 1.19
Database version: 901
Windows 5.1.2600 Service Pack 2

14:12:11 29/06/2008
mbam-log-6-29-2008 (14-12-11).txt

Scan type: Quick Scan
Objects scanned: 45107
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Then came the SUPERAntiSpyware scan; this also found problems:

SUPERAntiSpyware Scan Log
Generated 06/29/2008 at 05:42 PM

Application Version : 3.6.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 03:17:46

Memory items scanned : 431
Memory threats detected : 0
Registry items scanned : 6865
Registry threats detected : 1
File items scanned : 120763
File threats detected : 3

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}

Adware.Tracking Cookie
C:\Documents and Settings\KEVIN\Cookies\[email protected][1].txt

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

Adware.ClickSpring/Yazzle
O:\TRANSFER STUFF\DVD43_PLUS OTHERS\SUDOKUINSTALL.EXE



Next came the PANDA SCAN

;*******************************************************************************
ANALYSIS: 2008-06-29 23:20:51
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Internet Security Anti-Virus <NULL> No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\kevin\favorites\health
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\KEVIN\Cookies\[email protected][2].txt
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\KEVIN\Desktop\VirtumundoBeGone.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\KEVIN\Desktop\VirtumundoBeGone.exe
02901912 Adware/U88 Adware No 0 Yes No C:\Utils\Proxy\Ultrasurf8.8.exe
02905032 Application/MessenPass HackTools No 0 Yes No C:\Documents and Settings\KEVIN\My Documents\SECURITY\NirExt\Messenpass\mspass\mspass.exe
02905032 Application/MessenPass HackTools No 0 Yes No C:\Documents and Settings\KEVIN\My Documents\SECURITY\NirExt\Messenpass\mspass.zip[mspass.exe]
03065145 HackTool/MailPassView.F HackTools No 0 Yes No C:\Documents and Settings\KEVIN\My Documents\SECURITY\MailPassView\mailpv\mailpv.exe
03065145 HackTool/MailPassView.F HackTools No 0 Yes No C:\Documents and Settings\KEVIN\My Documents\SECURITY\MailPassView\mailpv.zip[mailpv.exe]
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\WINDOWS\SYSTEM32\UEQHLJGW.DLL
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
133387 MEDIUM MS06-065
;===============================================================================


And finally the HijackThis scan and also the delete list

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:57, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {4CA42C44-F5C4-424B-939A-AD2731C14112} - C:\WINDOWS\system32\nnnoMFyX.dll (file missing)
O2 - BHO: {26454e31-a27d-a68a-3884-3075cb33de58} - {85ed33bc-5703-4883-a86a-d72a13e45462} - C:\WINDOWS\system32\ueqhljgw.dll
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cam30522.miem...net/kxhcm10.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129745320171
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://38.112.40.106...1/bl_camera.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

UNINSTALL LIST


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
BBC iPlayer Download Manager
Canon i865
CCleaner (remove only)
CD-LabelPrint
C-Media Card Reader Driver USB2.0
C-Media USB2.0 Card Reader
Cool Edit 2000
Creatix V.92 Data Fax Modem
Curitel Packet Service Software
D-Client
DivX Player
DivX Pro
Dragon NaturallySpeaking 9
Drive Manager
Drive Manager
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eMindMaps
eTrust Registration
Flash Movie Player 1.5
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Informations about your PC
IsoBuster 1.6
iTunes
J2SE Runtime Environment 5.0 Update 4
Learn2 Player (Uninstall Only)
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Magic DVD Ripper V5.2.1 build 8
Malwarebytes' Anti-Malware
MediaShow 3.0
Medion Info Display
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AutoRoute 2006
Microsoft Digital Image 2006 Standard Edition
Microsoft Encarta Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
Nero Suite
NetGammon8
NVIDIA Drivers
Oxford-Hachette French Dictionary
Panda ActiveScan 2.0
Passware Kit 5.7
PC Suite
PC Tools Internet Security 2008
PhotoNow! 1.0
PowerCinema
PowerCinema Linux 4.7
PowerDirector
PowerDVD
PowerProducer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RT2500 USB Wireless LAN Card
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Skype 1.4
Snowie Version 4
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
StudyWorks
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Wireless Keyboard Driver
videon
Viewpoint Media Player
Winamp (remove only)
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
X10 Hardware™


I've followed all the steps with no luck and I just hope someone can lend a hand.

PS: I'm not sure what bumping is?



End of file - 10127 bytes
  • 0
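The HijackThis log in this post contains, among dozens of legitimate entries, two O2 BHO lines that the other scanners also point at: ueqhljgw.dll, which Panda listed under SUSPECTS, and nnnoMFyX.dll, which HijackThis marks "(file missing)" because the registry entry outlived the file. Correlating the scanners' output by hand is tedious, so the following Python script, an added example that is not part of the original thread and not code from HijackThis or any of the tools named here, parses O2 and O20 lines from a HijackThis log and flags the ones worth reviewing first. The sample lines and the list of paths flagged by other scanners are constructed from the logs in this post; the regular expressions and the three heuristics are my own assumptions about the log format, and the output is a review list, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: four lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {4CA42C44-F5C4-424B-939A-AD2731C14112} - C:\WINDOWS\system32\nnnoMFyX.dll (file missing)
O2 - BHO: {26454e31-a27d-a68a-3884-3075cb33de58} - {85ed33bc-5703-4883-a86a-d72a13e45462} - C:\WINDOWS\system32\ueqhljgw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
"""

# Constructed from the other scanners' output in the same post: Panda listed the
# DLL under SUSPECTS and SUPERAntiSpyware flagged MCRH.TMP as a Vundo variant.
OTHER_SCANNER_HITS = [
    r"C:\WINDOWS\SYSTEM32\UEQHLJGW.DLL",
    r"C:\WINDOWS\SYSTEM32\MCRH.TMP",
]

# Assumed line shapes (not an official grammar): "O2 - BHO: <name> - {CLSID} - <path>"
# and "O20 - Winlogon Notify: <name> - <path>", either optionally ending in
# " (file missing)".
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class HjtEntry:
    section: str        # "O2" (browser helper object) or "O20" (Winlogon notify DLL)
    name: str           # display name, or a CLSID when the BHO has no name
    path: str           # file path HijackThis resolved from the registry
    file_missing: bool  # HijackThis appended "(file missing)"
    raw: str            # the original log line, kept for reporting


def parse_hjt(text):
    """Extract O2 and O20 entries; other sections are ignored by this example."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for section, pattern in (("O2", O2_RE), ("O20", O20_RE)):
            m = pattern.match(line)
            if m:
                entries.append(HjtEntry(section, m["name"], m["path"],
                                        bool(m["missing"]), line))
                break
    return entries


def normalise(path):
    # Windows paths are case-insensitive; the scanners above differ only in case.
    return path.strip().lower()


def triage(entries, flagged_paths):
    """Return (raw_line, [reasons]) for entries that deserve a closer look."""
    flagged = {normalise(p) for p in flagged_paths}
    findings = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("orphaned entry: registry points at a file that no longer exists")
        if normalise(e.path) in flagged:
            reasons.append("path already flagged by another scanner")
        if e.section == "O2" and e.name == "(no name)":
            reasons.append("BHO registered without a display name")
        if reasons:
            findings.append((e.raw, reasons))
    return findings


def triage_log(text, flagged_paths):
    return triage(parse_hjt(text), flagged_paths)


if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_HJT, OTHER_SCANNER_HITS):
        print(raw)
        for r in reasons:
            print("   ->", r)
```

Run against the sample, the script lists the two O2 lines and leaves the SUPERAntiSpyware Winlogon hook alone, which matches what the helper later removes with RunScanner. The "(file missing)" heuristic is useful on its own: an orphaned registry entry does no harm by itself, but it is evidence that something was installed there and may be back after the next reboot, which is exactly the "bouncebackability" the poster describes.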



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up, select Beginner Mode.
  • On the next page select Save a binary .Run file (Recommended), then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right-clicking and selecting Send to > Zip file.

Then upload that as an attachment in your next post.
  • 0

#3
onine

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks Rorschach112 for getting back to me.
I've done the scan and hopefully the file is attached.

Attached Files


  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the zipped attachment at the end of this post (this will be your RunScanner file as fixed by me).

  • Unzip it to your desktop, then double-click the RunScanner icon; this will run the program.
  • Click on the "Item Fixer" tab.
  • You will notice several entries with a tick in red; click Fix checked.
  • Accept the warning, then repeat until they are all gone.

Reboot and do this:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
onine

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi. I followed your instructions but made a mistake with the process. I did the scan, fixing the checked marks, but then started dss.exe before rebooting. As soon as I realised my error I rebooted and ran dss.exe. It only came up with main.txt and not extra.txt. I've posted it below. Sorry about that; I realise that everything should be precise. I'll print the instructions next time.


Deckard's System Scanner v20071014.68
Run by KEVIN on 2008-06-30 21:15:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as KEVIN.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:02, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KEVIN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129745320171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9787 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-29 23:22:33 0 d-------- C:\Program Files\Trend Micro
2008-06-29 17:59:09 0 d-------- C:\Program Files\Panda Security
2008-06-29 14:16:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 14:16:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 14:16:22 0 d-------- C:\Documents and Settings\KEVIN\Application Data\SUPERAntiSpyware.com
2008-06-29 14:14:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 23:25:40 0 dr-h----- C:\Documents and Settings\KEVIN\Recent
2008-06-28 17:33:56 0 d-------- C:\WINDOWS\ERUNT
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 17:31:49 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 17:31:49 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-28 17:31:49 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-28 17:31:48 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 17:31:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 17:31:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 17:31:48 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 17:31:48 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 17:31:48 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 17:31:46 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 15:30:21 0 d-------- C:\Documents and Settings\KEVIN\Application Data\Malwarebytes
2008-06-28 15:30:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 15:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 15:29:45 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-28 10:59:59 0 d-------- C:\VundoFix Backups
2008-06-28 10:30:11 0 d-------- C:\Security
2008-06-27 22:14:55 0 d-------- C:\Documents and Settings\Jane\Application Data\PCToolsFirewallPlus
2008-06-27 22:14:54 0 d-------- C:\Documents and Settings\Jane\Application Data\PCToolsSpamMonitorPlus
2008-06-27 20:37:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-27 20:37:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-06-27 19:27:55 0 d-------- C:\Documents and Settings\KEVIN\Application Data\PCToolsFirewallPlus
2008-06-27 19:27:54 0 d-------- C:\Documents and Settings\KEVIN\Application Data\PCToolsSpamMonitorPlus
2008-06-27 19:22:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 19:22:27 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-06-27 19:22:21 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-27 19:22:14 0 d-------- C:\Program Files\PC Tools Internet Security
2008-06-27 19:22:14 0 d-------- C:\Documents and Settings\KEVIN\Application Data\PC Tools
2008-06-27 19:22:14 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-27 10:33:11 106496 --a------ C:\WINDOWS\system32\ueqhljgw.dll
2008-06-25 09:43:00 558582 --ahs---- C:\WINDOWS\system32\XyFMonnn.ini2
2008-06-25 00:05:53 0 d-------- C:\Program Files\Goto.Games
2008-06-22 22:45:14 0 d-------- C:\Snowie Documents
2008-06-22 22:45:13 462848 --a------ C:\WINDOWS\system32\NMW3VWN.DLL <Not Verified; NetManage Inc.; NMW3VWN.DLL>
2008-06-22 22:45:13 48128 --a------ C:\WINDOWS\system32\NMSCKN.DLL <Not Verified; NetManage Inc.; NMSCKN.DLL>
2008-06-22 22:45:13 66560 --a------ C:\WINDOWS\system32\NMORENU.DLL <Not Verified; NetManage Inc.; NetManage, Inc. English Resource>
2008-06-22 22:45:13 240640 --a------ C:\WINDOWS\system32\NMOCOD.DLL
2008-06-22 22:45:03 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-22 22:44:47 9509376 --a------ C:\Snowie4OLD.exe <Not Verified; SnowieGroup; Snowie4>
2008-06-22 22:44:47 0 d-------- C:\Program Files\SnowieGroup
2008-06-22 21:45:50 0 d-------- C:\Program Files\Smart Projects
2008-06-22 21:43:41 0 d--h----- C:\WINDOWS\PIF
2008-06-21 08:02:00 0 d-------- C:\TempClEdt
2008-06-11 19:38:18 0 d-------- C:\SeaGateBackup
2008-06-11 19:31:00 0 d-------- C:\Program Files\Seagate
2008-06-11 19:31:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-06-11 19:29:55 0 d-------- C:\Program Files\MSXML 6.0
2008-06-11 00:37:29 0 d-------- C:\My Deliveries
2008-06-09 22:04:10 0 d-------- C:\TempFilm
2008-06-03 22:15:31 0 d-------- C:\MUSICINDARKNESS


-- Find3M Report ---------------------------------------------------------------

2008-06-29 22:34:14 14276 --a------ C:\Documents and Settings\KEVIN\Application Data\wklnhst.dat
2008-06-29 14:14:38 0 d-------- C:\Program Files\Common Files
2008-06-28 14:22:41 0 d-------- C:\Documents and Settings\KEVIN\Application Data\AVG7
2008-06-22 22:44:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 12:19:52 0 d-------- C:\Program Files\Cool2000
2008-06-16 14:12:46 2514 --a------ C:\Documents and Settings\KEVIN\Application Data\SAS7_000.DAT
2008-06-13 11:16:51 0 d-------- C:\Documents and Settings\KEVIN\Application Data\Adobe
2008-06-09 21:35:30 120 --a------ C:\Documents and Settings\KEVIN\Application Data\FixVTS.ini
2008-05-31 16:16:52 0 d-------- C:\Documents and Settings\KEVIN\Application Data\RipIt4Me
2008-05-25 16:15:53 0 d-------- C:\Program Files\MindJET
2008-05-09 17:03:08 0 d-------- C:\Program Files\D-Client
2008-05-01 17:07:25 0 --a------ C:\WINDOWS\system32\˜æ


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" [11/10/2005 17:11]
"CHotkey"="mHotkey.exe" [03/06/2004 21:07 C:\WINDOWS\mHotkey.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 17:15]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [27/11/2006 11:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [24/10/2005 08:13]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 18:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 16:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"RTHDCPL"="RTHDCPL.EXE" [18/08/2005 15:20 C:\WINDOWS\RTHDCPL.EXE]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:00]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [28/10/2005 22:53]
"nwiz"="nwiz.exe" [22/09/2005 23:21 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [22/09/2005 23:21 C:\WINDOWS\system32\nvmctray.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/09/2005 23:21]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 13:00]
"ledpointer"="CNYHKey.exe" [21/07/2003 22:28 C:\WINDOWS\CNYHKey.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 10:36]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 17:15]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [22/09/2005 14:19]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 13:00]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [12/10/2005 14:44]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [22/08/2005 23:05]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 02:43 C:\WINDOWS\ALCMTR.EXE]
"ISTray"="C:\Program Files\PC Tools Internet Security\pctsTray.exe" [01/02/2008 11:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 15:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]

C:\Documents and Settings\KEVIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2008-06-30 21:16:30 ------------

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\ueqhljgw.dll
    C:\WINDOWS\system32\XyFMonnn.ini2
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Snowie4OLD.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Also post a new DSS Log
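Rorschach112 picked the two files to move (ueqhljgw.dll and XyFMonnn.ini2) out of the DSS "Files created" listing in the previous post, while leaving the NetManage DLLs and Snowie4OLD.exe for a VirusTotal check instead. The script below is an added example, not code from this thread, from DSS, OTMoveIt2 or any AV vendor: it parses lines in the DSS listing format and scores each plain file on the cheap signals a helper eyeballs (written under system32, no vendor/version tag, a random-looking name, hidden+system attributes, an odd extension). The sample listing is constructed from the lines posted above; the signals, weights and the threshold of 3 are assumptions for illustration.

```python
"""Triage a DSS-style 'Files created' listing for Vundo-style droppings.

Added example; not code from the forum thread, DSS, OTMoveIt2 or any AV
vendor. SAMPLE is constructed from the lines posted in the thread; the
scoring signals and the threshold are assumptions for illustration.
"""
import re

# Constructed sample in the DSS "Files created" format:
#   date time size attributes path [<Not Verified; vendor; description>]
SAMPLE = r"""
2008-06-27 19:22:27 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-06-27 19:22:14 0 d-------- C:\Program Files\PC Tools Internet Security
2008-06-27 10:33:11 106496 --a------ C:\WINDOWS\system32\ueqhljgw.dll
2008-06-25 09:43:00 558582 --ahs---- C:\WINDOWS\system32\XyFMonnn.ini2
2008-06-22 22:45:13 462848 --a------ C:\WINDOWS\system32\NMW3VWN.DLL <Not Verified; NetManage Inc.; NMW3VWN.DLL>
2008-06-22 22:45:13 240640 --a------ C:\WINDOWS\system32\NMOCOD.DLL
2008-06-22 22:44:47 9509376 --a------ C:\Snowie4OLD.exe <Not Verified; SnowieGroup; Snowie4>
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)"
    r"(?:\s+<(?P<ver>[^>]*)>)?$"
)

# Extensions one expects on a legitimate system32 binary (assumption).
COMMON_EXT = {"dll", "exe", "sys", "ocx", "drv", "cpl"}
SYSTEM32 = "c:\\windows\\system32\\"


def parse_listing(text):
    """Return one dict per parsable line; 'ver' is None when there is no <...> tag."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def looks_random(stem):
    """Crude randomness test: almost no vowels, or a long consonant run.
    Flags 'ueqhljgw' and 'XyFMonnn'; passes 'Snowie4OLD'. (Assumed heuristic.)"""
    letters = "".join(c for c in stem if c.isalpha())
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouAEIOU]+", letters)), default=0)
    return vowels / len(letters) < 0.25 or longest_run >= 5


def triage(entry):
    """Score one listing entry; returns (score, reasons). Directories score 0."""
    reasons = []
    if entry["attrs"].startswith("d"):
        return 0, reasons
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    if path.lower().startswith(SYSTEM32):
        reasons.append("written under system32")
    if not entry["ver"]:
        reasons.append("no vendor/version information")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if "h" in entry["attrs"] and "s" in entry["attrs"]:
        reasons.append("hidden+system attributes on a plain file")
    if ext.lower() not in COMMON_EXT:
        reasons.append("unusual extension '.%s'" % ext if ext else "no extension")
    return len(reasons), reasons


def flag_suspicious(text, threshold=3):
    """Paths scoring at or above the threshold, with their reasons, in listing order."""
    hits = []
    for entry in parse_listing(text):
        score, reasons = triage(entry)
        if score >= threshold:
            hits.append((entry["path"], score, reasons))
    return hits


if __name__ == "__main__":
    for path, score, reasons in flag_suspicious(SAMPLE):
        print("%d  %s\n    %s" % (score, path, "; ".join(reasons)))
```

On the constructed sample this flags exactly the two files the helper moved (ueqhljgw.dll scores 3, XyFMonnn.ini2 scores 5) and leaves the unsigned NetManage DLLs at 2 and the Snowie executable at 0. A score is a prompt to look closer, not a verdict: the NetManage files and Snowie4OLD.exe still warrant the hash lookup the helper asked for, which is why the thread sends the latter to VirusTotal rather than deleting it.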

#7
onine

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello -- logs posted below

OTMoveIt2 log

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ueqhljgw.dll
C:\WINDOWS\system32\ueqhljgw.dll NOT unregistered.
C:\WINDOWS\system32\ueqhljgw.dll moved successfully.
C:\WINDOWS\system32\XyFMonnn.ini2 moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_168.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_2He2POH9kgWCg4t scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_075234

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_168.dat not found!
File C:\WINDOWS\temp\sqlite_2He2POH9kgWCg4t not found!


www.virustotal.com

Antivirus Version Last Update Result
AhnLab-V3 2008.7.1.0 2008.07.01 -
AntiVir 7.8.0.59 2008.07.01 -
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.07.01 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.01 -
DrWeb 4.44.0.09170 2008.07.01 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5916 2008.07.01 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.06.26 Suspicious:W32/Kolweb.d!Gemini
Fortinet 3.14.0.0 2008.07.01 -
GData 2.0.7306.1023 2008.07.01 -
Ikarus T3.1.1.26.0 2008.07.01 -
Kaspersky 7.0.0.125 2008.07.01 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.07.01 -
NOD32v2 3230 2008.07.01 -
Norman 5.80.02 2008.06.30 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.01 -
Rising 20.51.10.00 2008.07.01 -
Sophos 4.30.0 2008.07.01 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.01 -
TheHacker 6.2.96.365 2008.07.01 -
TrendMicro 8.700.0.1004 2008.07.01 PAK_Generic.001
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.07.01 -
Additional information
File size: 9509376 bytes
MD5...: f176bde0474e65b633b04570caafefbd
SHA1..: 1efad61b78fa9e637018657caf92b90bf58edcf2
SHA256: 7a518d8fd7e7a508b908a477ff08e21ee2273c19e9d5c58ea5b2e2204bd3e2e2
SHA512: 3192147b3d3ae083c8a1061a3230b852129deaec006c711e4236c3014deff0e8be78ee9dec11b360014d57778b9860cc58c44166ec3d83210ec02308c68053da
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6c1698
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x2c08f8 0x2c0a00 6.53 66cd6a09d29706f6f8439343bd84efa6
DATA 0x2c2000 0x503c 0x5200 5.03 15a4d070c44f14108142d5076cdc1bf7
BSS 0x2c8000 0x15541 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2de000 0x3bea 0x3c00 5.12 1e10b14627cead9847d58ef98dce8309
.tls 0x2e2000 0x14 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2e3000 0x18 0x200 0.21 3dd6c5fca9fa592e8992ecb6b4fd9193
.reloc 0x2e4000 0x2a8fc 0x2aa00 6.71 399cd03c27af5fc34feff264298183d8
.rsrc 0x30f000 0x61d200 0x61d200 5.56 ba90c771b7643ef5224cbf3860d4497e

( 30 imports )
> kernel32.dll: GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SafeArrayPutElement, SafeArrayPtrOfIndex, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegOpenKeyA, RegFlushKey, RegEnumKeyExA, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WinExec, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, TerminateThread, SuspendThread, Sleep, SizeofResource, SetVolumeLabelA, SetThreadPriority, SetThreadLocale, SetFileTime, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, SearchPathA, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, OpenFileMappingA, MultiByteToWideChar, MulDiv, MoveFileA, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryA, LeaveCriticalSection, IsDBCSLeadByte, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetUserDefaultLCID, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLogicalDriveStringsA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileTime, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentDirectoryA, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindNextChangeNotification, FindFirstFileA, FindCloseChangeNotification, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, FatalAppExitA, EnumCalendarInfoA, EnterCriticalSection, DosDateTimeToFileTime, DeleteFileA, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle
> mpr.dll: WNetGetConnectionA
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, TextOutA, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBitsToDevice, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyPolyline, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetTextColor, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetNearestColor, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreateRegion, ExtCreatePen, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePatternBrush, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt, Arc, AddFontResourceA
> user32.dll: WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorFromFileA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenuDefaultItem, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExA, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, BeginDeferWindowPos, AppendMenuA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> oleaut32.dll: GetErrorInfo, SysFreeString
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> shell32.dll: ShellExecuteA, SHGetFileInfoA
> wininet.dll: HttpSendRequestExA, HttpEndRequestA, InternetWriteFile, InternetReadFile, InternetOpenA, InternetConnectA, InternetCloseHandle, HttpSendRequestA, HttpQueryInfoA, HttpOpenRequestA, HttpAddRequestHeadersA
> comdlg32.dll: PrintDlgA, ChooseColorA, GetOpenFileNameA
> KeyLib32.dll: pp_valdate, pp_upddate, pp_tcode, pp_setvardate, pp_setvarchar, pp_lfopen, pp_lfclose, pp_libtest, pp_getvardate, pp_getvarchar, pp_getdate, pp_expired, pp_copycheck, pp_copyadd, pp_compno, pp_adddays
> BoardFunctions.dll: processDragAndDrop, processRightClick, processLeftClick, createPositionsLists
> PMBgBoard.dll: _PMB_LoadProfile, _PMB_SetActionCallback, _PMB_SetAnimationSpeed, _PMB_SetEditMode, _PMB_Display, _PMB_GetPosition, _PMB_SetPosition, _PMB_3D_SetLight, _PMB_3D_SetRotation, _PMB_SetFloor, _PMB_SetTable, _PMB_SetBackground, _PMB_SetChecker, _PMB_SetDice, _PMB_SetCube, _PMB_SetBoardNumbers, _PMB_SetBoardGround, _PMB_SetBoardPoints, _PMB_SetBoardFrame, _PMB_SetHomeField, _PMB_GetUsedSize, _PMB_Resize, _PMB_DestroyBoard, _PMB_CreateBoard
> winmm.dll: sndPlaySoundA
> ole32.dll: ReleaseStgMedium, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
> shell32.dll: SHGetSpecialFolderLocation, SHGetInstanceExplorer, SHGetPathFromIDList, SHGetDesktopFolder, SHGetMalloc
> kernel32.dll: FindFirstChangeNotificationA
> kernel32.dll: MulDiv
> wsock32.dll: WSACleanup, WSAStartup, WSAGetLastError, WSACancelAsyncRequest, WSAAsyncGetServByName, WSAAsyncGetHostByName, WSAAsyncSelect, gethostname, getservbyname, gethostbyname, socket, setsockopt, send, select, recv, ntohs, listen, ioctlsocket, inet_ntoa, inet_addr, htons, htonl, getsockopt, connect, closesocket, bind, accept
> wininet.dll: InternetCrackUrlA
> SnowieDice.dll: DiceInitialize, SetSeed, GetNextDie, SetRandomSeed
> Snowie4.dll: SnowGetLuckRate, ComputeELPosition, ComputeELBorderline, SnowGetBoaPosition, SnowBellCounts, UpdateBoa, ImportNextPos, ImportAbort, ImportGetMatch, ImportGetMatches, ImportInitialize, SnowVolatility, MatchParams, SnowRolloutCubeExtension, SnowRolloutCubeAction, SnowEquity, SnowGetCubeAction, SnowRolloutEval, SnowGetEval, SnowGetBestMoves, Win95Initialize

( 0 exports )

packers (F-Prot): UPX


Deckard's System Scanner v20071014.68
Run by KEVIN on 2008-07-01 08:21:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as KEVIN.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:35, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KEVIN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129745320171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9771 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-29 23:22:33 0 d-------- C:\Program Files\Trend Micro
2008-06-29 17:59:09 0 d-------- C:\Program Files\Panda Security
2008-06-29 14:16:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-29 14:16:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-29 14:16:22 0 d-------- C:\Documents and Settings\KEVIN\Application Data\SUPERAntiSpyware.com
2008-06-29 14:14:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 23:25:40 0 dr-h----- C:\Documents and Settings\KEVIN\Recent
2008-06-28 17:33:56 0 d-------- C:\WINDOWS\ERUNT
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 17:31:49 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 17:31:49 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-28 17:31:49 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-28 17:31:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-28 17:31:48 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 17:31:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 17:31:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 17:31:48 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 17:31:48 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 17:31:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 17:31:48 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 17:31:46 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 15:30:21 0 d-------- C:\Documents and Settings\KEVIN\Application Data\Malwarebytes
2008-06-28 15:30:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 15:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 15:29:45 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-28 10:59:59 0 d-------- C:\VundoFix Backups
2008-06-28 10:30:11 0 d-------- C:\Security
2008-06-27 22:14:55 0 d-------- C:\Documents and Settings\Jane\Application Data\PCToolsFirewallPlus
2008-06-27 22:14:54 0 d-------- C:\Documents and Settings\Jane\Application Data\PCToolsSpamMonitorPlus
2008-06-27 20:37:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-06-27 20:37:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-06-27 19:27:55 0 d-------- C:\Documents and Settings\KEVIN\Application Data\PCToolsFirewallPlus
2008-06-27 19:27:54 0 d-------- C:\Documents and Settings\KEVIN\Application Data\PCToolsSpamMonitorPlus
2008-06-27 19:22:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 19:22:27 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-06-27 19:22:21 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-27 19:22:14 0 d-------- C:\Program Files\PC Tools Internet Security
2008-06-27 19:22:14 0 d-------- C:\Documents and Settings\KEVIN\Application Data\PC Tools
2008-06-27 19:22:14 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-25 00:05:53 0 d-------- C:\Program Files\Goto.Games
2008-06-22 22:45:14 0 d-------- C:\Snowie Documents
2008-06-22 22:45:13 462848 --a------ C:\WINDOWS\system32\NMW3VWN.DLL <Not Verified; NetManage Inc.; NMW3VWN.DLL>
2008-06-22 22:45:13 48128 --a------ C:\WINDOWS\system32\NMSCKN.DLL <Not Verified; NetManage Inc.; NMSCKN.DLL>
2008-06-22 22:45:13 66560 --a------ C:\WINDOWS\system32\NMORENU.DLL <Not Verified; NetManage Inc.; NetManage, Inc. English Resource>
2008-06-22 22:45:13 240640 --a------ C:\WINDOWS\system32\NMOCOD.DLL
2008-06-22 22:45:03 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-22 22:44:47 9509376 --a------ C:\Snowie4OLD.exe <Not Verified; SnowieGroup; Snowie4>
2008-06-22 22:44:47 0 d-------- C:\Program Files\SnowieGroup
2008-06-22 21:45:50 0 d-------- C:\Program Files\Smart Projects
2008-06-22 21:43:41 0 d--h----- C:\WINDOWS\PIF
2008-06-21 08:02:00 0 d-------- C:\TempClEdt
2008-06-11 19:38:18 0 d-------- C:\SeaGateBackup
2008-06-11 19:31:00 0 d-------- C:\Program Files\Seagate
2008-06-11 19:31:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-06-11 19:29:55 0 d-------- C:\Program Files\MSXML 6.0
2008-06-11 00:37:29 0 d-------- C:\My Deliveries
2008-06-09 22:04:10 0 d-------- C:\TempFilm
2008-06-03 22:15:31 0 d-------- C:\MUSICINDARKNESS


-- Find3M Report ---------------------------------------------------------------

2008-06-29 22:34:14 14276 --a------ C:\Documents and Settings\KEVIN\Application Data\wklnhst.dat
2008-06-29 14:14:38 0 d-------- C:\Program Files\Common Files
2008-06-28 14:22:41 0 d-------- C:\Documents and Settings\KEVIN\Application Data\AVG7
2008-06-22 22:44:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 12:19:52 0 d-------- C:\Program Files\Cool2000
2008-06-16 14:12:46 2514 --a------ C:\Documents and Settings\KEVIN\Application Data\SAS7_000.DAT
2008-06-13 11:16:51 0 d-------- C:\Documents and Settings\KEVIN\Application Data\Adobe
2008-06-09 21:35:30 120 --a------ C:\Documents and Settings\KEVIN\Application Data\FixVTS.ini
2008-05-31 16:16:52 0 d-------- C:\Documents and Settings\KEVIN\Application Data\RipIt4Me
2008-05-25 16:15:53 0 d-------- C:\Program Files\MindJET
2008-05-09 17:03:08 0 d-------- C:\Program Files\D-Client
2008-05-01 17:07:25 0 --a------ C:\WINDOWS\system32\˜æ


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" [11/10/2005 17:11]
"CHotkey"="mHotkey.exe" [03/06/2004 21:07 C:\WINDOWS\mHotkey.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 17:15]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [27/11/2006 11:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [24/10/2005 08:13]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 18:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 16:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [09/10/2007 16:21]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"RTHDCPL"="RTHDCPL.EXE" [18/08/2005 15:20 C:\WINDOWS\RTHDCPL.EXE]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:00]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [28/10/2005 22:53]
"nwiz"="nwiz.exe" [22/09/2005 23:21 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [22/09/2005 23:21 C:\WINDOWS\system32\nvmctray.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/09/2005 23:21]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 13:00]
"ledpointer"="CNYHKey.exe" [21/07/2003 22:28 C:\WINDOWS\CNYHKey.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 10:36]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 17:15]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [22/09/2005 14:19]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 13:00]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [12/10/2005 14:44]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [22/08/2005 23:05]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 02:43 C:\WINDOWS\ALCMTR.EXE]
"ISTray"="C:\Program Files\PC Tools Internet Security\pctsTray.exe" [01/02/2008 11:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 15:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]

C:\Documents and Settings\KEVIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2008-07-01 08:22:00 ------------
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do you know what this is?

C:\Program Files\SnowieGroup
  • 0

#9
onine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes, Snowie Group produce a backgammon programme called Snowie. I've only recently installed that version, as before that I won a copy of Snowie Student; so its installation does coincide with the problem to an extent. It's not a problem to uninstall it.
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It's fine, I was just curious about it.

Nearly done now


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#11
onine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
That's done


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 01, 2008 9:18:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/07/2008
Kaspersky Anti-Virus database records: 902137
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 71420
Number of viruses found: 7
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:42:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0237\0192\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools Internet Security\SpamMonitor\History.dat Object is locked skipped
C:\Documents and Settings\KEVIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\KEVIN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KEVIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\KEVIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\KEVIN\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KEVIN\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\KEVIN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\IEPasswords\iepv\iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\IEPasswords\iepv.zip/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\IEPasswords\iepv.zip ZIP: infected - 1 skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\MailPassView\mailpv\mailpv.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.142 skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\MailPassView\mailpv.zip/mailpv.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.142 skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\MailPassView\mailpv.zip ZIP: infected - 1 skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\NirExt\Messenpass\mspass\mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.m skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\NirExt\Messenpass\mspass.zip/mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.m skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\NirExt\Messenpass\mspass.zip ZIP: infected - 1 skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\Wireless key view\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.n skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\Wireless key view\wirelesskeyview.zip/WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.n skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\Wireless key view\wirelesskeyview.zip ZIP: infected - 1 skipped
C:\Documents and Settings\KEVIN\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\KEVIN\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\PC Tools Internet Security\NetworkLayer\FirewallWrapper.txt Object is locked skipped
C:\Program Files\PC Tools Internet Security\NetworkLayer\InterfaceDLL.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E3A81395-6388-4F2D-9624-04AFEC1E377A}\RP204\A0040472.dll Infected: Trojan.Win32.Obfuscated.ddy skipped
C:\System Volume Information\_restore{E3A81395-6388-4F2D-9624-04AFEC1E377A}\RP212\change.log Object is locked skipped
C:\Utils\Proxy\Ultrasurf8.8.exe Infected: Backdoor.Win32.WinterLove.cy skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_42c.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_8udT6sUhdkYfW0n Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\07012008_075234\WINDOWS\system32\ueqhljgw.dll Infected: Trojan.Win32.Monderc.gen skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
  • 0
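To read a Kaspersky Online Scanner report of this shape quickly, here is an added Python example (not part of the thread and not Kaspersky's tooling) that parses the "Infected Object Name / Virus Name / Last Action" lines and sorts the hits into buckets: locked objects that were merely skipped, archive container lines, "not-a-virus:" riskware such as the password-recovery tools kept in the SECURITY folder, copies sitting inside System Restore points, copies inside the VundoFix / OTMoveIt backup folders that already hold moved files, and anything else still on disk that needs a human decision. The sample report is constructed from a handful of the lines above; the bucket rules and the folder markers are my assumptions, not Kaspersky's own classification.

```python
import re

# Constructed sample in the shape of the Kaspersky Online Scanner 5 report above:
# "<path> <status>", where status is one of the three phrases matched by LINE_RE.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\KEVIN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\IEPasswords\iepv\iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\Documents and Settings\KEVIN\My Documents\SECURITY\IEPasswords\iepv.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{E3A81395-6388-4F2D-9624-04AFEC1E377A}\RP204\A0040472.dll Infected: Trojan.Win32.Obfuscated.ddy skipped
C:\Utils\Proxy\Ultrasurf8.8.exe Infected: Backdoor.Win32.WinterLove.cy skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\_OTMoveIt\MovedFiles\07012008_075234\WINDOWS\system32\ueqhljgw.dll Infected: Trojan.Win32.Monderc.gen skipped

Scan process completed.
"""

# One report line: a path (which may contain spaces), a single space, then the status.
# Anchoring the status to end-of-line keeps the non-greedy path from stopping early.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked skipped)"
    r"|Infected: (?P<name>\S+) skipped"
    r"|(?P<archive>ZIP: infected - \d+ skipped)"
    r")$"
)

# Assumed markers (lower-case, matched as substrings of the path):
# folders the removal tools used in this thread keep moved files in, and the
# System Restore store that the later cleanmgr step empties.
QUARANTINE_MARKERS = ("\\_otmoveit\\", "\\vundofix backups\\")
RESTORE_MARKER = "\\system volume information\\_restore"

BUCKETS = ("locked", "archive", "riskware", "restore_point", "quarantined", "review")


def categorize(path, name):
    """Decide which bucket an 'Infected:' hit belongs to (assumed rules, see above)."""
    low = path.lower()
    if name.startswith("not-a-virus:"):
        return "riskware"          # Kaspersky's label for tools it flags but does not call malware
    if RESTORE_MARKER in low:
        return "restore_point"     # stale copy inside a restore point, not an active file
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantined"       # already moved out of place by a removal tool
    return "review"                # live on disk and outside any holding area: needs a decision


def triage(report_text):
    """Parse a report body and return {bucket: [entries]}.

    Locked and archive entries are plain paths; the other buckets hold
    (path, detection_name) tuples.
    """
    result = {bucket: [] for bucket in BUCKETS}
    for raw in report_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue               # header, blank and footer lines carry no object
        path = match.group("path")
        if match.group("locked"):
            result["locked"].append(path)
        elif match.group("archive"):
            result["archive"].append(path)
        else:
            name = match.group("name")
            result[categorize(path, name)].append((path, name))
    return result


def summarize(report_text):
    """Counts per bucket, which is usually all a helper needs to see first."""
    return {bucket: len(entries) for bucket, entries in triage(report_text).items()}


if __name__ == "__main__":
    buckets = triage(SAMPLE_REPORT)
    for bucket in BUCKETS:
        print(f"{bucket:14s} {len(buckets[bucket])}")
    for path, name in buckets["review"]:
        print("needs a decision:", path, "->", name)
```

Only the "review" bucket is printed item by item, because that is the set a helper actually has to reason about; the rest are either not findings at all (locked files) or copies that the procedure already in progress (restore-point cleanup, tool cleanup) will remove.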

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
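The HOSTS-file recommendation above works because every listed name is pointed at loopback or 0.0.0.0. The following is an added example (not code from this thread or from the MVPS project; the HOSTS content is constructed) that parses a file in that format, reports whether a given name is blackholed, and flags entries that point a name at a routable address, which is what a tampered HOSTS file looks like:

```python
import ipaddress

# Constructed sample in HOSTS syntax "<ip> <hostname> [alias ...] [# comment]";
# not the real MVPS file. 203.0.113.9 is a documentation address standing in
# for "some routable host".
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ads.example.net          # ad network
0.0.0.0     tracker.example.org www.tracker.example.org
junk line without an address
# An entry like the next one is what a tampered HOSTS file looks like:
203.0.113.9 update.example-av.com
"""

def sinkholed(addr):
    """True for the addresses a blocklist HOSTS file uses: loopback or 0.0.0.0/::."""
    return addr.is_loopback or addr.is_unspecified

def parse_hosts(text):
    """Return (ip, hostname) pairs: comments stripped, names lowercased,
    lines whose first field is not a valid IP address skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing / full-line comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first field is not an address
        for name in parts[1:]:
            entries.append((addr, name.lower()))
    return entries

def is_blackholed(entries, hostname):
    """True if HOSTS maps hostname to loopback/unspecified; first match wins,
    which is how the resolver treats duplicated names."""
    for addr, name in entries:
        if name == hostname.lower():
            return sinkholed(addr)
    return False

def suspicious_entries(entries):
    """Names pointed at a routable address: a blocklist file should have none
    besides the machine's own localhost line."""
    return [(str(addr), name) for addr, name in entries
            if not sinkholed(addr) and name != "localhost"]
```

On Windows the file to feed `parse_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; any name it returns from `suspicious_entries` deserves a look.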

#13
onine

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello Rorschach112 -- thank you for helping me - I really appreciate it. I haven't seen any pop ups for a couple of days now. I've also been following your advice about strengthening my defences and have the latest Windows/Java updates along with some other stuff.

I know your services are free but I'll send a donation anyway as you are providing invaluable help.
regards
onine

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.