Geeks to Go
Trojans, Malware [RESOLVED]


#1 MelR2 (Member, 20 posts)
So I still have Trojans and malware on my computer even after I bought a new Spy Sweeper and antivirus. I attempted to clean it out with that, and the programs provided by Geeks to Go before the HijackThis log, but there are still things on my computer that shouldn't be there. Help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:12 AM, on 7/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe
C:\Program Files\WistaAntivirus\wistaantivirus.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: sm_ie_monitor.ie_monitor - {BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7} - C:\Program Files\SpyMaxx\sm_ie_monitor.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe
O4 - HKCU\..\Run: [wistaantivirus] "C:\Program Files\WistaAntivirus\wistaantivirus.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\System32\1028f.exe
O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\System32\1028f.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [IEUpdate] C:\WINDOWS\System32\1028f.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IEUpdate] C:\WINDOWS\System32\1028f.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [IEUpdate] C:\WINDOWS\System32\1028f.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
O24 - Desktop Component 10: (no name) - http://myspace-155.v...190522155_l.jpg
O24 - Desktop Component 11: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
O24 - Desktop Component 12: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
O24 - Desktop Component 9: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG

--
End of file - 9829 bytes
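Added example, not part of the original thread, HijackThis or ComboFix: a small Python triage pass over log lines of the kind posted above. The sample entries are copied from the HijackThis log in post #1 (both benign and malicious ones); the heuristics, their weights, the verdict thresholds and the helper names (`triage`, `assess`, `Finding`) are this example's own assumptions, chosen to surface the patterns a helper looks for first: non-ASCII look-alike directory names that HijackThis prints as `?`, the Windows 9x-era RunServices key, autostarts under the SYSTEM or Default profile, executables dropped directly in the Windows directory, hex-looking filenames, orphaned "(file missing)" entries and services with no publisher.

```python
"""Triage heuristics for HijackThis (HJT) log lines.
Added example for this thread; not part of HijackThis, ComboFix or the posts.
Sample lines are copied from the posted log; heuristics and weights are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries taken from the posted HJT log, benign and not.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\System32\1028f.exe
O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\System32\1028f.exe (User 'SYSTEM')
O2 - BHO: sm_ie_monitor.ie_monitor - {BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7} - C:\Program Files\SpyMaxx\sm_ie_monitor.dll (file missing)
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# O4 lines: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First module path in a command line (tolerates a leading quote and trailing arguments).
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|ocx|com|scr|bat))', re.I)
# A file directly in the Windows directory rather than in a subdirectory.
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.I)
# Hex-looking basename containing at least one digit (e.g. 1028f).
RANDOM_STEM_RE = re.compile(r"(?=.*\d)[0-9a-f]{4,8}", re.I)


@dataclass
class Finding:
    section: str
    name: str
    path: Optional[str]
    line: str
    reasons: List[str] = field(default_factory=list)
    score: int = 0

    @property
    def verdict(self) -> str:
        return "suspicious" if self.score >= 3 else ("review" if self.score else "ok")


def extract_path(text: str) -> Optional[str]:
    m = PATH_RE.match(text)
    if m:
        return m.group("path")
    return text.split()[0] if text.split() else None


def assess(f: Finding, hive: str = "", key: str = "", owner: str = "", missing: bool = False) -> None:
    def hit(reason: str, weight: int) -> None:
        f.reasons.append(reason)
        f.score += weight

    if f.path and "?" in f.path:
        # HJT prints non-ASCII characters as '?': "?ecurity" is a look-alike of "Security".
        hit("path contains non-ASCII characters (shown as '?')", 3)
    if key.lower() == "runservices":
        hit("RunServices key (Windows 9x-era, unusual for legitimate XP software)", 2)
    if hive.upper().startswith("HKUS"):
        hit("autostart under a non-interactive profile (%s)" % hive, 2)
    if f.path and WINDIR_ROOT_RE.match(f.path):
        hit("executable placed directly in the Windows directory", 2)
    if f.path:
        stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_STEM_RE.fullmatch(stem):
            hit("random-looking filename %r" % stem, 2)
    if missing:
        hit("referenced file is missing (orphaned entry)", 1)
    if owner.lower() == "unknown owner":
        hit("service has no publisher (Unknown owner)", 1)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = re.sub(r"\s*\(User '[^']*'\)$", "", m.group("cmd"))
            f = Finding("O4", m.group("name"), extract_path(cmd), line)
            assess(f, hive=m.group("hive"), key=m.group("key"))
        elif line.startswith(("O2 - ", "O3 - ", "O23 - ")):
            parts = line.split(" - ")
            target = parts[-1]
            owner = parts[-2] if parts[0] == "O23" and len(parts) >= 4 else ""
            f = Finding(parts[0], parts[1], extract_path(target), line)
            assess(f, owner=owner, missing="(file missing)" in target)
        else:
            continue
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.verdict:10}] {f.section:3} {f.name}: {f.path}")
        for r in f.reasons:
            print("             - " + r)
```

Run it as a script to print one line per entry with its reasons; `triage()` takes a whole log as text, so a saved `hijackthis.log` can be read and passed in. The scores are a first pass only: a legitimate file in the Windows root (the AOL `wanmpsvc.exe` in the same log, for instance) lands in "review", so every hit still needs a look at publisher, file date and hash before anything is removed.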
#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
#3 MelR2 (Topic Starter, Member, 20 posts)
ComboFix 08-07-01.5 - Melinda Roman 2008-07-02 12:47:10.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.143 [GMT -4:00]
Running from: C:\Documents and Settings\Melinda Roman\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\asks~1
C:\Program Files\mantec~1
C:\Program Files\mantec~1\??mantec\
C:\Program Files\mantec~1\nslookup.exe
C:\WINDOWS\444.471
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ygnnxcvc.ini

----- BITS: Possible infected sites -----

hxxp://80.93.48.89
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Service_clbdriver
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 00:41 . 2008-07-02 00:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 00:41 . 2008-07-02 00:41 <DIR> d-------- C:\WINDOWS\ehome
2008-07-02 00:40 . 2002-08-29 06:41 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2008-07-02 00:39 . 2002-08-29 04:09 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-07-02 00:38 . 2002-08-29 06:41 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-02 00:38 . 2002-08-29 02:16 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-02 00:34 . 2002-06-14 21:46 19,274 --a------ C:\WINDOWS\000001_.tmp
2008-07-01 23:16 . 2008-07-01 23:17 <DIR> d-------- C:\Program Files\Panda Security
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Documents and Settings\Melinda Roman\Application Data\Malwarebytes
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 21:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 21:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 21:23 . 2008-07-01 21:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 19:38 . 2008-07-01 19:38 <DIR> d-------- C:\Program Files\WistaAntivirus
2008-07-01 15:27 . 2008-07-01 15:27 <DIR> d-------- C:\Program Files\BChanger
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\Documents and Settings\Melinda Roman\Application Data\Webroot
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-01 15:24 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-07-01 15:24 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-01 15:24 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-01 15:24 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-01 15:24 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-01 15:19 . 2008-07-01 15:19 98,816 -r-hs---- C:\WINDOWS\system32\adsldpc.exe
2008-06-29 10:24 . 2008-07-02 09:25 <DIR> d-------- C:\WINDOWS\system32\1178
2008-06-29 10:24 . 2008-06-29 10:24 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-28 12:30 . 2008-06-28 12:30 <DIR> d-------- C:\temp\itmp4
2008-06-28 12:29 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-17 13:19 . 2008-06-17 13:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 01:55 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-02 01:54 --------- d-----w C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com
2008-05-31 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 00:36 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 00:35 --------- d-----w C:\Program Files\Ahead
2008-05-31 00:32 --------- d-----w C:\Documents and Settings\Melinda Roman\Application Data\Lavasoft
2008-05-31 00:12 --------- d-----w C:\Program Files\dvd43
2008-05-31 00:12 --------- d-----w C:\Program Files\321Studios
2008-05-31 00:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 19:31 --------- d-----w C:\Program Files\America Online 8.0
2008-05-13 19:31 --------- d-----w C:\Documents and Settings\Juan Roman\Application Data\Viewpoint
2008-03-01 23:51 0 ----a-w C:\Documents and Settings\Melinda Roman\.exe
2006-12-16 20:09 9,055 ----a-w C:\Program Files\hijackthis.log
2006-12-16 20:08 218,112 ----a-w C:\Program Files\HijackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
2008-06-19 10:21 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dflk"="C:\WINDOWS\system32\?ecurity\l?gonui.exe" [?]
"wistaantivirus"="C:\Program Files\WistaAntivirus\wistaantivirus.exe" [2008-06-28 22:29 143360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 20:56 1896448]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 12:00 192512]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\11]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\12]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
Source= C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Melinda Roman^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\Melinda Roman\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-09-13 00:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-12-02 19:11 54296 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2003-12-02 19:11 58392 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-04-23 06:49 1298554 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 18:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
--a------ 2004-02-13 09:08 57344 C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-11-15 16:18 1670144 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-05-12 16:04 196608 C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-06-26 20:01 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2003-01-03 20:17 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showicon2k]
--a------ 2003-07-04 13:55 135168 C:\Program Files\eM\Bay Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-02 20:59 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 04:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-10-07 01:41 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 10:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 04:04:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-07-02 15:35:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7} - C:\Program Files\SpyMaxx\sm_ie_monitor.dll
HKU-Default-Run-IEUpdate - C:\WINDOWS\System32\1028f.exe
HKU-Default-RunServices-IEUpdate - C:\WINDOWS\System32\1028f.exe
MSConfigStartUp-Workflow - E:\installs\Workflow.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 12:59:29
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-02 13:07:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 17:06:48

Pre-Run: 141,180,997,632 bytes free
Post-Run: 141,150,121,984 bytes free

222 --- E O F --- 2008-06-11 19:02:44




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:09 PM, on 7/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\WistaAntivirus\wistaantivirus.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe
O4 - HKCU\..\Run: [wistaantivirus] "C:\Program Files\WistaAntivirus\wistaantivirus.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
O24 - Desktop Component 10: (no name) - http://myspace-155.v...190522155_l.jpg
O24 - Desktop Component 11: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
O24 - Desktop Component 12: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
O24 - Desktop Component 9: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG

--
End of file - 9041 bytes

#4 MelR2 (Topic Starter)
I'm sorry, I also couldn't find my Windows CD, just the eMachines restore CD.

#5 Rorschach112 (Retired Staff)
Hello

1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\adsldpc.exe
C:\Documents and Settings\Melinda Roman\.exe

Folder::
C:\Program Files\WistaAntivirus
C:\WINDOWS\system32\1178
C:\temp\itmp4

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Also post a new HijackThis log.

#6 MelR2 (Topic Starter)
ComboFix 08-07-01.5 - Melinda Roman 2008-07-02 17:37:22.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.173 [GMT -4:00]
Running from: C:\Documents and Settings\Melinda Roman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Melinda Roman\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Melinda Roman\.exe
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\adsldpc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Melinda Roman\.exe
C:\Program Files\WistaAntivirus
C:\Program Files\WistaAntivirus\config.cfg
C:\temp\itmp4
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\1178
C:\WINDOWS\system32\adsldpc.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 14:53 . 2008-07-02 14:53 <DIR> d-------- C:\Program Files\AskSBar
2008-07-02 14:53 . 2008-07-02 14:53 164 --a------ C:\install.dat
2008-07-02 00:41 . 2008-07-02 00:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-02 00:41 . 2008-07-02 00:41 <DIR> d-------- C:\WINDOWS\ehome
2008-07-02 00:40 . 2002-08-29 06:41 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2008-07-02 00:39 . 2002-08-29 04:09 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-07-02 00:38 . 2002-08-29 06:41 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-02 00:38 . 2002-08-29 02:16 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-01 23:16 . 2008-07-01 23:17 <DIR> d-------- C:\Program Files\Panda Security
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Documents and Settings\Melinda Roman\Application Data\Malwarebytes
2008-07-01 21:24 . 2008-07-01 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 21:24 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 21:24 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 21:23 . 2008-07-01 21:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 15:27 . 2008-07-01 15:27 <DIR> d-------- C:\Program Files\BChanger
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\Documents and Settings\Melinda Roman\Application Data\Webroot
2008-07-01 15:24 . 2008-07-01 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-01 15:24 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-01 15:24 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-01 15:24 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-01 15:24 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-01 15:24 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-06-29 10:24 . 2008-06-29 10:24 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-28 12:29 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-17 13:19 . 2008-06-17 13:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 19:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-02 01:54 --------- d-----w C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com
2008-05-31 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 00:36 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 00:35 --------- d-----w C:\Program Files\Ahead
2008-05-31 00:32 --------- d-----w C:\Documents and Settings\Melinda Roman\Application Data\Lavasoft
2008-05-31 00:12 --------- d-----w C:\Program Files\dvd43
2008-05-31 00:12 --------- d-----w C:\Program Files\321Studios
2008-05-31 00:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 19:31 --------- d-----w C:\Program Files\America Online 8.0
2008-05-13 19:31 --------- d-----w C:\Documents and Settings\Juan Roman\Application Data\Viewpoint
2006-12-16 20:09 9,055 ----a-w C:\Program Files\hijackthis.log
2006-12-16 20:08 218,112 ----a-w C:\Program Files\HijackThis.exe
.

((((((((((((((((((((((((((((( [email protected]_13.06.24.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 16:58:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 21:41:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-02 13:38:54 4,796 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\S-1-5-21-1214970204-3266471654-2512236806-1005.dat
+ 2008-07-02 19:12:25 4,796 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\S-1-5-21-1214970204-3266471654-2512236806-1005.dat
- 2008-07-02 16:57:30 53,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-07-02 21:40:10 51,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\settings.dat
- 2008-07-02 13:21:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-02 19:35:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-02 13:21:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-02 19:35:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-02 13:21:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 19:35:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-08-29 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\alg.exe
+ 2002-08-29 12:00:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\csrss.exe
+ 2002-08-29 12:00:00 1,004,032 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2002-08-29 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
+ 2002-08-29 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\perfproc.dll
+ 2002-08-29 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\services.exe
+ 2002-08-29 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\smss.exe
+ 2005-06-10 23:55:46 53,248 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2002-08-29 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
+ 2002-08-29 12:00:00 667,136 -c--a-w C:\WINDOWS\system32\dllcache\userenv.dll
+ 2002-08-29 12:00:00 24,064 -c--a-w C:\WINDOWS\system32\dllcache\vdmdbg.dll
- 2007-10-01 20:24:34 16,184 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2008-01-05 00:34:34 16,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
- 2007-10-01 20:24:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2008-01-05 00:34:36 219,504 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
- 2007-10-01 20:24:36 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2008-01-05 00:34:36 26,480 ----a-w C:\WINDOWS\system32\wrlzma.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-02 14:53 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3670A914-63C2-4E67-8C9B-370AE1922143}]
2008-06-19 10:21 36864 --a------ C:\Program Files\BChanger\bchanger.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dflk"="C:\WINDOWS\system32\?ecurity\l?gonui.exe" [?]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-02 15:02 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 20:56 1896448]
"HelpCenter"="C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 12:00 192512]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\11]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\12]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
Source= C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
Source= C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-02 15:02 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-02 15:02 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Melinda Roman^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\Melinda Roman\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-09-13 00:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-12-02 19:11 54296 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2003-12-02 19:11 58392 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-04-23 06:49 1298554 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 18:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
--a------ 2004-02-13 09:08 57344 C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-11-15 16:18 1670144 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-05-12 16:04 196608 C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-06-26 20:01 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2003-01-03 20:17 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showicon2k]
--a------ 2003-07-04 13:55 135168 C:\Program Files\eM\Bay Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-02 20:59 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 04:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-10-07 01:41 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 10:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 04:04:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2008-07-02 19:35:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 17:43:17
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-07-02 17:51:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 21:51:00
ComboFix2.txt 2008-07-02 17:07:04

Pre-Run: 141,117,394,944 bytes free
Post-Run: 141,122,719,744 bytes free

234 --- E O F --- 2008-06-11 19:02:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:04 PM, on 7/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
O24 - Desktop Component 10: (no name) - http://myspace-155.v...190522155_l.jpg
O24 - Desktop Component 11: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
O24 - Desktop Component 12: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
O24 - Desktop Component 9: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG

--
End of file - 9447 bytes

#7 Rorschach112 (Retired Staff)
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log
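Added example (not part of the thread, and not code from HijackThis or ComboFix) showing why the one entry the helper singles out deserves fixing. A '?' can never be part of a real Windows file name, so "?ecurity\l?gonui.exe" in the log means HijackThis met characters it could not render in its code page: a directory and file name spelled with Unicode look-alikes so that anyone skimming the log reads "security\logonui.exe". The Python below parses O4 lines, pulls the executable path out of the Run command, and flags any path that contains '?' or a non-ASCII character. The sample lines are constructed from the log above; the Cyrillic 'ѕ' (U+0455) and 'о' (U+043E) used to stand in for the two '?' are an assumption, and the small look-alike table is illustrative rather than the full Unicode confusables list.

```python
"""Flag HijackThis O4 (Run key) entries whose paths hide look-alike characters.

Added example for this thread, not code from HijackThis or the posts above.
Windows forbids '?' in file names, so a '?' inside a logged path means the log
could not render a character in its code page. The sample lines are
constructed; the Cyrillic letters in the second one are an assumption about
what HijackThis showed as '?'.
"""
import re
import unicodedata

# Constructed sample: O4 lines modelled on the log above. The obfuscated
# entry is spelled with Cyrillic 'ѕ' (U+0455) and 'о' (U+043E), assumed.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray",
    "O4 - HKCU\\..\\Run: [Dflk] C:\\WINDOWS\\system32\\\u0455ecurity\\l\u043egonui.exe",
    r'O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"',
]

# The same entry as the log actually printed it, odd characters replaced by '?'.
RAW_LOG_LINE = r"O4 - HKCU\..\Run: [Dflk] C:\WINDOWS\system32\?ecurity\l?gonui.exe"

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Small illustrative map of look-alikes to the Latin letter they imitate.
# Assumption: enough for the sample; a real tool would load Unicode's
# confusables.txt instead of hard-coding a handful.
LOOKALIKES = {
    "\u0455": "s", "\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0441": "c",
    "\u0440": "p", "\u0445": "x", "\u0456": "i", "\u03bf": "o", "\u0391": "A",
}


def parse_o4(line):
    """Split a HijackThis O4 line into hive, value name and command, or None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def command_path(cmd):
    """Return the executable path from a Run command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: the path runs up to the first " /switch", if any.
    return re.split(r"\s+/", cmd, maxsplit=1)[0]


def non_ascii_chars(path):
    """(index, char, Unicode name) for every character outside ASCII."""
    return [(i, c, unicodedata.name(c, "UNKNOWN"))
            for i, c in enumerate(path) if ord(c) > 0x7F]


def ascii_skeleton(path):
    """What the path reads as to a human skimming the log."""
    return "".join(LOOKALIKES.get(c, c) for c in path)


def path_reasons(path):
    """Why a path deserves a second look; an empty list means nothing odd."""
    reasons = []
    if "?" in path:
        reasons.append("'?' cannot occur in a Windows file name: unrenderable character")
    if any(ord(c) > 0x7F for c in path):
        reasons.append("non-ASCII characters in path")
    return reasons


def triage(lines):
    """Return the O4 entries whose executable path is suspicious."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        path = command_path(entry["cmd"])
        reasons = path_reasons(path)
        if reasons:
            findings.append({
                "hive": entry["hive"],
                "name": entry["name"],
                "path": path,
                "looks_like": ascii_skeleton(path),
                "non_ascii": non_ascii_chars(path),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES + [RAW_LOG_LINE]):
        print(f"[{f['hive']}] {f['name']}: {f['path']!r}")
        print(f"   reads as : {f['looks_like']}")
        for idx, ch, name in f["non_ascii"]:
            print(f"   pos {idx}: {ch!r} {name}")
        for r in f["reasons"]:
            print(f"   reason   : {r}")
```

Run against the constructed lines, only the Dflk entry is reported: once with the two Cyrillic letters named by code point, and once (the raw log form) on the '?' rule alone, which is the check worth remembering when reading any HijackThis or autorun listing by eye. The legitimate SpySweeper and SUPERAntiSpyware entries pass both checks.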

#8 MelR2 (Topic Starter)
OK, here you go :)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 02, 2008 7:13:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/07/2008
Kaspersky Anti-Virus database records: 908654
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 60408
Number of viruses found: 7
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 00:45:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Melinda Roman\Application Data\BellSouth\AM\client_gateway.log Object is locked skipped
C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-2-2008( 17-44-38 ).LOG Object is locked skipped
C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-01-2008 - 23-08-09\{C7FD345C-5A93-40FF-BB82-AC11FBA559DC} Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-01-2008 - 23-08-09\{D920173E-9FEC-46EF-A099-60753ACDA41C} Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-01-2008 - 23-08-09\{EA0600E7-7834-4B05-97C6-3D82EB66AA34} Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\Documents and Settings\Melinda Roman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-01-2008 - 23-08-09\{FB83824C-43E5-481B-8DD6-B64AC50E10DC} Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Melinda Roman\Application Data\Webroot\Spy Sweeper\Logs\080702174508.ses Object is locked skipped
C:\Documents and Settings\Melinda Roman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Melinda Roman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Melinda Roman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Melinda Roman\Local Settings\Application Data\SupportSoft\HelpCenter\Melinda Roman\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Melinda Roman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Melinda Roman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Melinda Roman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Melinda Roman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0042251.sys Infected: Rootkit.Win32.Clbd.cx skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0042253.exe Infected: Trojan.Win32.Agent.tdb skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0042259.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0043260.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0043272.exe Infected: not-a-virus:FraudTool.Win32.SpyAway.p skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0043283.sys Infected: Rootkit.Win32.Clbd.cx skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP493\A0043284.exe Infected: Worm.Win32.VB.an skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP494\A0044420.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\System Volume Information\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\RP497\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{96AF0870-732E-49AF-B309-A84E74B90FC9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS049BC3A6-C902-4F2C-B3DA-C263B804516F.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS0AD8F02F-8B9A-464D-8F37-80B746D09BFC.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS1006A2E1-FE84-4F2E-8DDE-F22552539FDC.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS11E1F607-A043-4D4D-82F4-883855928FF5.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS1387AB97-B731-469C-8079-0A2A7A580551.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS13FBDCB7-2FE4-4822-87EF-84000C4B5D33.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS19690DEF-864A-4AA5-9F5A-F64163036C3E.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS1BD70193-DD73-4294-BC92-FCB5B7174488.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C6BE751-4471-4E61-92E2-AD90273E46B9.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS20C87E3B-5DEA-47A6-9865-4B967F3E5810.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS2283537F-4B0E-4CF1-87FE-195AE917F9A8.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS2BE7C701-087E-4C0D-90C5-2BB42A21CF47.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS2CA3073D-AF40-4AE9-AB59-A19B93830AE0.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS2CCBACEF-CEE8-4AFF-8E8D-007F2F5E66C6.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS32158990-69C0-4028-A0BC-BF3C8521E411.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS35A7F42C-E117-4C3F-BEEB-EF2160F47ADE.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS3C2D7988-C240-49FE-8523-96E638580B18.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS3CBF079D-51B3-4600-BE79-7614C8FCC2C6.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS3D998216-7787-46D5-B08E-31FD2C6771DE.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F026982-DBDB-4D53-997F-83B30A1EC7CE.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS3FFA2E36-8971-4150-B61B-88A13A60521A.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS40CBF3EF-E97E-4C6F-942F-A440787A8BE9.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS4382DC13-C03E-41F5-9979-2ECDB46E60CA.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS4438C14E-831E-47E6-81B0-FD60562E77D0.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS44F0D076-523F-4014-B93D-917807341EB9.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS46C11917-E8A8-4A5E-9966-731A5B4056FA.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS4C5EEE49-40E1-4EFD-9605-CECAC62EB22C.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS4E4C53A1-BDF1-446E-A684-6BF68C4F39CE.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS4F873C44-410C-4D28-9196-75397F21DC8D.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS5127FC2F-E12F-463C-9A91-B6D6308EEDA6.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS5221FAC7-E6C8-418A-8E50-C488F7360815.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS548AB890-F867-45BF-9568-5E244F69B23D.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS558CB5DD-22A2-4F62-B98E-357E0377ED7B.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS59A8AECE-A6E2-4607-822B-57A0A25832E2.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6037ED26-15ED-4E35-AA00-0C5C41B0CA37.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6048D7EC-4245-4682-AA69-433FDB2D0092.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS63446EE7-86B8-483E-A41D-E25325417E88.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS64276D62-D6FF-4F22-A69C-63BACE037C17.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6B82FD1A-65CE-47DB-8EFF-66E2E46A745A.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DA82B02-6076-4631-84B0-1486B24378E4.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6E8F1BF8-EFA1-42D3-A381-536B9AFB4CC2.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6E8FCCB7-6F59-4F7F-8629-4BB07D9089F5.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6F0771B9-A350-41D5-A4AA-153414047CCC.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS6F77C731-2565-4D66-B3FE-E5EFC4577F38.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS72572836-18F6-4E6F-983E-4E1E384C5870.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS7470FE54-697B-4E18-902E-DF2211A02E67.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS80211284-DE5F-4710-B3AD-FB752B510776.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS8BB72189-B86F-413F-AE01-7C4EB3235AAA.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS8DB48640-63EB-445E-AFCB-F1C4476ADBE5.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS91F63915-864F-415F-BE42-FBFA77264479.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS9D596DDC-3B00-497C-A47A-D731882ACE8C.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS9DE440D8-D6B9-4FEA-9B25-7D3D073994E7.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS9EAA54E3-4108-425D-97F0-77C27B781CEB.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMS9F9E8840-610D-4677-904C-3ECDEEAE804C.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSA06D88F9-BADE-47A6-8BD8-452491A4E4DB.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3118463-7978-40D0-8C5D-ECBF7B752BD8.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3EDC55D-F54B-416E-8CB4-9DD180643CD7.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSAD8076BE-9F86-430D-837D-A119DDC936B1.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSAE32CD32-0B41-4392-82C4-ED6A66B91D1E.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSAEC554FE-6232-48C1-B567-9CB6A40BBBA5.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSB00C98B1-6337-48FD-9454-0C62A3B07987.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSB1D5FFAC-15D3-4914-8F47-9119685FECBF.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSB3AAC20E-2D7B-4C18-BC6C-ABD5BAA3BE57.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSB4BB4855-1237-448A-AEC5-CB23A4823778.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSB561A62E-3362-4076-863B-9B7140A3C174.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSB67C3299-8540-4A4B-B14D-F1A607B00A6B.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSBA0B9939-1DDF-437F-A5EB-4A2872A0EA2D.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSBCD6EC78-7167-4F66-89F8-A7E2327F7F4B.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSC050058C-3940-4F2C-90A8-EFA3D120CF34.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSC1A97218-4FA5-4B84-AD27-61816D53BEC9.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSC29308DD-AB2E-4628-A3D8-4AE97404DC2B.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSC47D8D18-1B6C-43C7-8B28-2FF56D0B28B8.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSCAC5845E-F8E6-4A43-947C-69E26F519034.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD1C6D25E-20FE-4900-AD08-24BB6AAF723D.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3521E46-272B-434D-ABD6-27C38EF271C5.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3CE8F86-8615-44C7-9306-A84C0A435350.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD4261028-6B37-44CB-92E1-9FF8F7F5F657.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD76C7D77-E638-4B3E-A543-7A8F7F4C99D3.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD796781F-BAB4-43D7-834C-A50E4F1D39D2.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSD97B4A0F-773C-4606-B0A3-E7F3CBD5C52D.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSDD54F125-823D-4087-B893-27EDE8328A03.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSDF7D3795-85F5-44D9-B643-2CD21817B5E7.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSEA1C6DF7-A9A5-4BC3-AF33-F4EF7E08A142.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSEC228AAC-4C66-4997-80EB-FA174269B5E3.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSF0AC90B5-095B-4FF0-994B-C69D5AF3D2E6.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSF2A09334-8AD0-40D7-8A64-B067FF82FA30.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSF84D3675-6504-4FD1-81B9-6CEBD12DC37C.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSFCE7903E-DA7B-4FEA-9DE0-054965A0DA08.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot\Spy Sweeper\Temp\SSMSFE4881AE-68A5-4273-B36E-319F530DCBA4.tmp Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:15 PM, on 7/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128345755\ee\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1128345755\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\untitled.JPG
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\tomw3.bmp
O24 - Desktop Component 10: (no name) - http://myspace-155.v...190522155_l.jpg
O24 - Desktop Component 11: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\pictures\thuglife.JPG
O24 - Desktop Component 12: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Melly's\icons\emoicons\th_2csdwjr.gif
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\cartoon1.gif
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\My Pictures\da3.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\stars.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\bubbles.gif
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\My Pictures\tink2.gif
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\OMG.bmp
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\Mellys\mierda\bubbles.gif
O24 - Desktop Component 9: (no name) - C:\Documents and Settings\Melinda Roman\My Documents\peace.JPG

--
End of file - 9517 bytes
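The helper's later verdict on this post rests on reading where each "Infected:" hit in the Kaspersky report actually lives: every detection above sits either in a System Restore point (System Volume Information\_restore...) or in the SUPERAntiSpyware quarantine folder, which are inert copies rather than running files. The script below is an added example, not part of the original thread or of Kaspersky's tooling. It parses lines in the report's "path Infected: name action" format, buckets each hit as restore point, quarantine or live, and reports whether any live hit remains. The sample input is copied from the report above; the one "live" line is constructed with a hypothetical path and detection name solely to exercise that branch.

```python
"""Triage the 'Infected:' lines of a Kaspersky Online Scanner report.

Added example (not from the thread). A hit inside a System Restore point or an
anti-malware quarantine folder is an inert copy; only a hit on a live path
indicates an active infection that still needs removal.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the report posted above. The "Object is locked skipped"
# line is a file the scanner could not open, not a detection; the parser
# must ignore it.
REPORT_EXCERPT = """\
C:\\Documents and Settings\\LocalService\\NTUser.dat Object is locked skipped
C:\\Documents and Settings\\Melinda Roman\\Application Data\\SUPERAntiSpyware.com\\SUPERAntiSpyware\\Quarantine\\Quarantine - 07-01-2008 - 23-08-09\\{C7FD345C-5A93-40FF-BB82-AC11FBA559DC} Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\\System Volume Information\\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\\RP493\\A0042251.sys Infected: Rootkit.Win32.Clbd.cx skipped
C:\\System Volume Information\\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\\RP493\\A0043284.exe Infected: Worm.Win32.VB.an skipped
C:\\System Volume Information\\_restore{EEB1894C-121B-4525-8B10-95B9D6B6AFD8}\\RP494\\A0044420.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
"""

# Constructed line (hypothetical path and name, NOT from the report) so the
# "live hit" branch can be demonstrated.
CONSTRUCTED_LIVE_HIT = (
    "C:\\WINDOWS\\system32\\hypothetical.dll Infected: Trojan.Win32.Hypothetical.a skipped\n"
)

# Report format: <path with spaces> Infected: <detection name> <last action>
HIT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")


@dataclass(frozen=True)
class Hit:
    path: str
    name: str
    action: str
    location: str  # "restore_point", "quarantine" or "live"


def classify(path: str) -> str:
    """Map a detected file's path to restore_point / quarantine / live."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\quarantine" in p:
        return "quarantine"
    return "live"


def parse_hits(report: str) -> list[Hit]:
    """Return only real detections; 'Object is locked' lines are dropped."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["name"], m["action"], classify(m["path"])))
    return hits


def triage(report: str) -> dict[str, list[Hit]]:
    """Bucket every detection by where the file lives."""
    buckets: dict[str, list[Hit]] = {"restore_point": [], "quarantine": [], "live": []}
    for h in parse_hits(report):
        buckets[h.location].append(h)
    return buckets


def detection_counts(report: str) -> Counter:
    """How often each detection name appears, regardless of location."""
    return Counter(h.name for h in parse_hits(report))


def verdict(report: str) -> str:
    """Human-readable conclusion: live hits need action, inert copies do not."""
    live = triage(report)["live"]
    if not live:
        return ("no live infections; purge System Restore points and empty the "
                "quarantine to remove the inert copies")
    return "live infections: " + ", ".join(f"{h.path} ({h.name})" for h in live)


if __name__ == "__main__":
    for bucket, hits in triage(REPORT_EXCERPT).items():
        print(f"{bucket}: {len(hits)}")
    print(verdict(REPORT_EXCERPT))
    print(verdict(REPORT_EXCERPT + CONSTRUCTED_LIVE_HIT))
```

Run against the excerpt, all four detections land in the restore-point and quarantine buckets and the verdict is "no live infections", which is the reading behind the helper's "Your logs are clean"; appending the constructed line flips it to a live finding. The path substrings used for classification are an assumption that matches the Windows XP layout shown in this report and may need extending for other scanners or quarantine folders.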

#9 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please download MGADiag.exe to your desktop.

Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

Click the [Copy] button to copy the info to your clipboard.

Then come back here and paste the info in your next reply please.


Also tell me how your PC is running

#10 MelR2 (Member, Topic Starter, 20 posts)
hey, well there's definitely no more pop-ups, however it's running a little slow

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-J8BM6-MXPH6-3R2BW
Windows Product Key Hash: YMRVitCEjlJfwDQfjDvm97FbWA4=
Windows Product ID: 55277-OEM-2111907-00103
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {67FC6BE9-B7E8-4BE9-BEB6-F7C80333D4FE}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.36.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{67FC6BE9-B7E8-4BE9-BEB6-F7C80333D4FE}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3R2BW</PKey><PID>55277-OEM-2111907-00103</PID><PIDType>2</PIDType><SID>S-1-5-21-1214970204-3266471654-2512236806</SID><SYSTEM><Manufacturer>eMachines, Inc.</Manufacturer><Model>MS-6741</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>Version 07.00T</Version><SMBIOSVersion major="2" minor="3"/><Date>20010402******.******+***</Date><SLPBIOS>EMACHINES</SLPBIOS></BIOS><HWID>5F483C0F0184205B</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>eMachines</name><model>T6000</model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57101</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanIt from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-Spyad here.

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and performing all of the procedures requested.
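As an added example (not code from the thread or from any tool it mentions), the following Python reads the "Browser Data" section of the WGA diagnostic report posted in #10 and checks the three ActiveX settings against the Internet-zone values recommended in the post above; the sample reports are constructed from the posted values, and the permissive variant is made up to show what a finding looks like.

```python
"""Check the 'Browser Data' section of a WGA diagnostic report against the
Internet-zone ActiveX settings recommended in the post above."""

# Acceptable values per setting; the report prints an enabled setting as
# "Allowed", and the post asks for Prompt/Disable on these three.
RECOMMENDED = {
    "Download signed ActiveX controls": {"Prompt", "Disabled"},
    "Download unsigned ActiveX controls": {"Prompt", "Disabled"},
    "Initialize and script ActiveX controls not marked as safe": {"Disabled"},
}

def parse_browser_data(report: str) -> dict:
    """Return the 'key: value' pairs found under 'Browser Data-->' only."""
    settings, in_section = {}, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.lower().endswith("data-->"):   # any section header
            in_section = line == "Browser Data-->"
            continue
        if in_section and ": " in line:
            key, _, value = line.partition(": ")
            settings[key] = value
    return settings

def weak_activex_settings(report: str) -> list:
    """List (setting, found, acceptable) for every setting that deviates."""
    settings = parse_browser_data(report)
    return [(key, settings.get(key, "missing"), sorted(ok))
            for key, ok in RECOMMENDED.items()
            if settings.get(key, "missing") not in ok]

# Constructed sample: the Browser Data block from the report posted above.
POSTED_REPORT = """\
OGA Data-->
Office Status: 114 Blocked VLK 2
Browser Data-->
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Active scripting: Allowed
File Scan Data-->
"""
# Constructed variant with all three ActiveX settings left permissive.
WEAK_REPORT = POSTED_REPORT.replace("Prompt", "Allowed").replace("Disabled", "Allowed")

if __name__ == "__main__":
    for name, text in (("posted", POSTED_REPORT), ("weak", WEAK_REPORT)):
        print(name, weak_activex_settings(text) or "matches the recommendation")
```

The posted report already matches the recommendation, so only the constructed permissive variant produces findings.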

#12
MelR2
  • Topic Starter
  • Member
  • 20 posts
Thank you so much for all your help :)

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.