Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Have Virus, Spyware or Trojan - Need help with removal

Started by Greg86 , Jul 13 2008 10:07 AM

  • Please log in to reply

#16
kahdah
Posted 20 July 2008 - 02:16 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Did you copy this part as well?
Files to delete:
  • 0

Advertisements

#17
Greg86
Posted 20 July 2008 - 02:29 PM

Greg86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Attached are the avenger log and a new dss log.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Jul 20 15:09:33 2008

15:09:33: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Jul 20 15:09:46 2008

15:09:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Jul 20 15:12:38 2008

15:12:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Jul 20 15:13:00 2008

15:13:00: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "clbdriver" found!
ImagePath: \??\globalroot\systemroot\system32\drivers\vmdesched.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\WINDOWS\system32\fccywtqP.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Deckard's System Scanner v20071014.68
Run by Gregory Schellhaas on 2008-07-20 15:26:06
Computer is in Safe Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gregory Schellhaas.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:23 PM, on 7/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Gregory Schellhaas\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GREGOR~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\fccywtqP.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [OTScanIt] C:\Documents and Settings\Gregory Schellhaas\Desktop\Nothing.exe
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmar...martActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213051767499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188350965096
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pears...ces/ax/stub.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: fccywtqP - fccywtqP.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy LLC - C:\Program Files\COX\InstaLAN\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RaySat_3dsmax8 Server (RaySat_3dsmax8Server) - Unknown owner - C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9517 bytes

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-20 15:20:13 135168 --a------ C:\zip.exe
2008-07-20 15:20:13 19286 --a------ C:\cleanup.exe
2008-07-20 15:20:13 574 --a------ C:\cleanup.bat
2008-07-20 11:27:59 129004818 --a------ C:\registrybackup.reg
2008-07-11 10:28:19 0 d-------- C:\WINDOWS\LastGood.Tmp


-- Find3M Report ---------------------------------------------------------------

2008-06-15 21:58:57 0 d-------- C:\Documents and Settings\Gregory Schellhaas\Application Data\AdobeUM
2008-06-14 10:06:22 0 d-------- C:\Program Files\Google
2008-06-12 21:21:25 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-12 21:20:22 0 d-------- C:\Documents and Settings\Gregory Schellhaas\Application Data\Mozilla
2008-06-12 20:47:37 0 d-------- C:\Program Files\Java
2008-06-12 20:46:32 0 d-------- C:\Program Files\Common Files
2008-06-12 20:46:32 0 d-------- C:\Program Files\Common Files\Java
2008-06-12 19:37:52 0 d-------- C:\Program Files\Messenger
2008-06-12 19:36:32 0 d-------- C:\Program Files\Movie Maker
2008-06-12 19:29:01 0 d-------- C:\Program Files\Windows NT
2008-06-12 11:57:19 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-11 18:52:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 11:55:14 0 d-------- C:\Documents and Settings\Gregory Schellhaas\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FCD2CF-5569-4208-97D2-52748E0EF6A0}]
C:\WINDOWS\system32\fccywtqP.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 05:59 AM C:\WINDOWS\BCMSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/05/2005 09:05 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/15/2004 01:04 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OTScanIt"=C:\Documents and Settings\Gregory Schellhaas\Desktop\Nothing.exe
"Cleanup"=C:\cleanup.exe

C:\Documents and Settings\Gregory Schellhaas\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 12:58:38 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 12:58:38 PM]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [8/5/2006 10:58:41 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{43FCD2CF-5569-4208-97D2-52748E0EF6A0}"= C:\WINDOWS\system32\fccywtqP.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccywtqP]
fccywtqP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InstaLAN.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InstaLAN.lnk
backup=C:\WINDOWS\pss\InstaLAN.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gregory Schellhaas^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Gregory Schellhaas\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"C:\Program Files\IObit\IObit SmartDefrag\IsdNew.exe" /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-20 15:28:00 ------------
  • 0

#18
kahdah
Posted 20 July 2008 - 02:40 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#19
Greg86
Posted 20 July 2008 - 02:44 PM

Greg86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I downloaded combofix to a flash drive then transfered it to my desktop since I have to do all of your instructions in safe mode and dont have access to the internet.

I cant run combofix. It is not doing anything just like OTMoveIt2 did when I clicked on it. Once I renamed OTMoveIt2 to (Nothing) as per your request it worked. Can I rename combofix even though it says to never rename it unless instructed?
  • 0

#20
kahdah
Posted 20 July 2008 - 02:56 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes please rename it to nothing then try to run it.
I am not quite sure about the internet issue though.
We will see about that after we get the rootkit that is present off of your computer.
  • 0

#21
Greg86
Posted 20 July 2008 - 03:24 PM

Greg86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Attached is the combofix log.


ComboFix 08-07-20.2 - Gregory Schellhaas 2008-07-20 16:03:46.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.322 [GMT -5:00]
Running from: C:\Documents and Settings\Gregory Schellhaas\Desktop\Nothing.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe33ececc.txt
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 11:27 . 2008-07-20 11:28 129,004,818 --a------ C:\registrybackup.reg
2008-07-17 18:33 . 2008-07-17 18:33 <DIR> d-------- C:\_OTMoveIt
2008-07-15 11:58 . 2008-07-15 11:58 <DIR> d-------- C:\Deckard
2008-07-11 10:33 . 2008-07-17 18:33 4,722 --ahs---- C:\WINDOWS\SYSTEM32\NUDcLRqr.ini
2008-07-11 10:28 . 2008-07-11 10:28 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-11 10:27 . 2004-03-19 17:34 4,224 --a------ C:\WINDOWS\SYSTEM32\beep.sys
2008-07-11 10:25 . 2008-07-11 10:25 90,838 --a------ C:\WINDOWS\SYSTEM32\phctwvj0er1g.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 20:58 159,236 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-20 20:58 14,854,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 02:58 --------- d-----w C:\Documents and Settings\Gregory Schellhaas\Application Data\AdobeUM
2008-06-14 15:06 --------- d-----w C:\Program Files\Google
2008-06-13 01:47 --------- d-----w C:\Program Files\Java
2008-06-13 01:46 --------- d-----w C:\Program Files\Common Files\Java
2008-06-13 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-11 23:52 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 00:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 00:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-08 16:55 --------- d-----w C:\Documents and Settings\Gregory Schellhaas\Application Data\LimeWire
2006-04-26 11:35 119,496 -c--a-w C:\Documents and Settings\Gregory Schellhaas\Application Data\GDIPFONTCACHEV1.DAT
1997-06-23 17:06 252,176 --sha-w C:\WINDOWS\SYSTEM32\Msrd2x35.dll
1997-06-23 17:06 287,504 --sha-w C:\WINDOWS\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 21:05 339968]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-08-05 22:58:41 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InstaLAN.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InstaLAN.lnk
backup=C:\WINDOWS\pss\InstaLAN.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Schellhaas^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Gregory Schellhaas\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a--c--- 2004-02-02 15:32 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2004-03-04 20:59 487424 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
--a------ 2008-04-09 15:11 1758464 C:\Program Files\IObit\IObit SmartDefrag\IsdNew.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-01-11 18:54 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\COX\\InstaLAN\\InstaLAN.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\VIZ2007\\mentalray\\satellite\\raysat_3dsmax8.exe"=
"C:\\Program Files\\Autodesk\\VIZ2007\\mentalray\\satellite\\raysat_3dsmax8server.exe"=
"C:\\Program Files\\Autodesk\\VIZ2007\\3dsviz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S0 hrghe;hrghe;C:\WINDOWS\system32\drivers\waywnztr.sys []
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
S2 AffinegyService;AffinegyService;C:\Program Files\COX\InstaLAN\AffinegyService.exe [2006-02-26 15:29]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
S2 RaySat_3dsmax8Server;RaySat_3dsmax8 Server;C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe [2006-03-24 14:55]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:12]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
S2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
S3 AFGSp50;AFGSp50 NDIS Protocol Driver;c:\windows\system32\AFGSp50.SYS [2005-11-07 17:42]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;C:\WINDOWS\system32\DRIVERS\tnet1130x.sys [2005-03-21 14:40]
S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;C:\WINDOWS\system32\DRIVERS\WCG200V2XP.sys [2005-03-21 14:40]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -

BHO-{43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\fccywtqP.dll
ShellExecuteHooks-{43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\fccywtqP.dll
Notify-fccywtqP - fccywtqP.dll
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-mmtask - c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-PCMService - C:\Program Files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.lsu.edu/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O16 -: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
C:\WINDOWS\Downloaded Program Files\stub.inf
C:\WINDOWS\Downloaded Program Files\stub.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 16:15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
Completion time: 2008-07-20 16:22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 21:22:40
ComboFix2.txt 2008-06-11 22:37:34

Pre-Run: 20,046,327,808 bytes free
Post-Run: 19,993,214,976 bytes free

210
  • 0

#22
kahdah
Posted 20 July 2008 - 07:06 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
hrghe

File::
C:\WINDOWS\system32\drivers\waywnztr.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#23
Greg86
Posted 20 July 2008 - 08:00 PM

Greg86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Kahdah,

Attached is a new HiJackThis log and the Combofix log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:27 PM, on 7/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmar...martActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213051767499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188350965096
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pears...ces/ax/stub.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy LLC - C:\Program Files\COX\InstaLAN\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RaySat_3dsmax8 Server (RaySat_3dsmax8Server) - Unknown owner - C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9210 bytes



ComboFix 08-07-20.2 - Gregory Schellhaas 2008-07-20 20:39:06.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.329 [GMT -5:00]
Running from: C:\Documents and Settings\Gregory Schellhaas\Desktop\nothing.exe
Command switches used :: C:\Documents and Settings\Gregory Schellhaas\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\system32\drivers\waywnztr.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\phctwvj0er1g.bmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hrghe


((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-20 11:27 . 2008-07-20 11:28 129,004,818 --a------ C:\registrybackup.reg
2008-07-17 18:33 . 2008-07-17 18:33 <DIR> d-------- C:\_OTMoveIt
2008-07-15 11:58 . 2008-07-15 11:58 <DIR> d-------- C:\Deckard
2008-07-11 10:33 . 2008-07-17 18:33 4,722 --ahs---- C:\WINDOWS\SYSTEM32\NUDcLRqr.ini
2008-07-11 10:28 . 2008-07-11 10:28 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-11 10:27 . 2004-03-19 17:34 4,224 --a------ C:\WINDOWS\SYSTEM32\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 20:58 159,236 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-20 20:58 14,854,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 02:58 --------- d-----w C:\Documents and Settings\Gregory Schellhaas\Application Data\AdobeUM
2008-06-14 15:06 --------- d-----w C:\Program Files\Google
2008-06-13 01:47 --------- d-----w C:\Program Files\Java
2008-06-13 01:46 --------- d-----w C:\Program Files\Common Files\Java
2008-06-13 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-11 23:52 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 00:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 00:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-08 16:55 --------- d-----w C:\Documents and Settings\Gregory Schellhaas\Application Data\LimeWire
2006-04-26 11:35 119,496 -c--a-w C:\Documents and Settings\Gregory Schellhaas\Application Data\GDIPFONTCACHEV1.DAT
1997-06-23 17:06 252,176 --sha-w C:\WINDOWS\SYSTEM32\Msrd2x35.dll
1997-06-23 17:06 287,504 --sha-w C:\WINDOWS\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 21:05 339968]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-08-05 22:58:41 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InstaLAN.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InstaLAN.lnk
backup=C:\WINDOWS\pss\InstaLAN.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Schellhaas^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Gregory Schellhaas\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a--c--- 2004-02-02 15:32 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2004-03-04 20:59 487424 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
--a------ 2008-04-09 15:11 1758464 C:\Program Files\IObit\IObit SmartDefrag\IsdNew.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-01-11 18:54 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\COX\\InstaLAN\\InstaLAN.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\VIZ2007\\mentalray\\satellite\\raysat_3dsmax8.exe"=
"C:\\Program Files\\Autodesk\\VIZ2007\\mentalray\\satellite\\raysat_3dsmax8server.exe"=
"C:\\Program Files\\Autodesk\\VIZ2007\\3dsviz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
S2 AffinegyService;AffinegyService;C:\Program Files\COX\InstaLAN\AffinegyService.exe [2006-02-26 15:29]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
S2 RaySat_3dsmax8Server;RaySat_3dsmax8 Server;C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe [2006-03-24 14:55]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:12]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
S2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
S3 AFGSp50;AFGSp50 NDIS Protocol Driver;c:\windows\system32\AFGSp50.SYS [2005-11-07 17:42]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;C:\WINDOWS\system32\DRIVERS\tnet1130x.sys [2005-03-21 14:40]
S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;C:\WINDOWS\system32\DRIVERS\WCG200V2XP.sys [2005-03-21 14:40]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 20:49:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
Completion time: 2008-07-20 20:56:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 01:56:49
ComboFix2.txt 2008-07-20 21:22:49
ComboFix3.txt 2008-06-11 22:37:34

Pre-Run: 20,009,332,736 bytes free
Post-Run: 19,988,946,944 bytes free

182
  • 0

#24
kahdah
Posted 20 July 2008 - 08:09 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please click here to download AVRT by Kaspersky.
  • Save it to your desktop and double click it to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

[1.] System Memory
[2.] Startup Objects
[3.] Disk Boot Sectors.
[4.] My Computer.
[5.] Also any other drives (Removable that you may have)

  • Then click on Scan ath the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

  • 0

#25
Greg86
Posted 23 July 2008 - 11:08 AM

Greg86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Attached is the Kaspersky Virus scan log.

Scan
----
Scanned: 1105074
Detected: 38
Untreated: 0
Start time: 7/22/2008 11:18:20 AM
Duration: 1 days 00:35:36
Finish time: 7/23/2008 11:53:56 AM


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Mondera.gen File: C:\Program Files\Trend Micro\HijackThis\backups\backup-20080611-171433-926.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\Program Files\Trend Micro\HijackThis\backups\backup-20080720-113412-770.dll
deleted: Trojan program Rootkit.Win32.Clbd.ey File: C:\QooBox\Quarantine\catchme2008-07-20_160853.42.zip/clbdll.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0045256.dll
deleted: Trojan program Trojan.Win32.Mondera.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046372.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046373.dll
deleted: Trojan program Trojan.Win32.Vapsup.iju File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046374.exe
deleted: Trojan program Trojan.Win32.Vapsup.ika File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046375.dll
deleted: Trojan program Trojan.Win32.Vapsup.iju File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046376.dll
deleted: Trojan program Trojan.Win32.Vapsup.ijo File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046377.exe
deleted: Trojan program Trojan.Win32.Vapsup.ijz File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046378.dll
deleted: Trojan program Trojan.Win32.Vapsup.iib File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046379.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046380.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046381.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046382.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0046383.dll
deleted: Trojan program Trojan.Win32.Mondera.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048372.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048373.dll
deleted: Trojan program Trojan.Win32.Vapsup.iju File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\eorp.exe
deleted: Trojan program Trojan.Win32.Vapsup.ika File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\fdxbameg.dll
deleted: Trojan program Trojan.Win32.Vapsup.iju File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\fsrpknov.dll
deleted: Trojan program Trojan.Win32.Vapsup.ijo File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\gpefaowr.exe
deleted: Trojan program Trojan.Win32.Vapsup.ijz File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\sqvgnrpx.dll
deleted: Trojan program Trojan.Win32.Vapsup.iib File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\wbxdpgfentg.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\system32\byXQGvss.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\system32\iiffDTLb.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\system32\rqRLcDUN.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\_OTMoveIt\MovedFiles\07172008_183338\WINDOWS\system32\yayyVnLd.dll
deleted: Trojan program Trojan.Win32.Vapsup.iju File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048374.exe
deleted: Trojan program Trojan.Win32.Vapsup.ika File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048375.dll
deleted: Trojan program Trojan.Win32.Vapsup.iju File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048376.dll
deleted: Trojan program Trojan.Win32.Vapsup.ijo File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048377.exe
deleted: Trojan program Trojan.Win32.Vapsup.ijz File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048378.dll
deleted: Trojan program Trojan.Win32.Vapsup.iib File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048379.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048380.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048381.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048382.dll
deleted: Trojan program Trojan.Win32.Monderb.gen File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP56\A0048383.dll
  • 0

Advertisements

#26
kahdah
Posted 23 July 2008 - 11:30 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay good please post a new dss log and let me know how things are running.
  • 0

#27
Greg86
Posted 23 July 2008 - 08:36 PM

Greg86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
My screen does not have that blue and yellow box anymore and my bottom toolbar is now working again. My computer is running good.

If there is nothing else I should do, what are some precautions I should take to prevent this from happening again. What antivirus, antimalware, antispyware programs should I be running?

Thanks for all of your help in fixing this problem.

Attached is a new DSS Log.

Deckard's System Scanner v20071014.68
Run by Gregory Schellhaas on 2008-07-23 21:25:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gregory Schellhaas.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:10 PM, on 7/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\COX\InstaLAN\AffinegyService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Documents and Settings\Gregory Schellhaas\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GREGOR~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [is-RNE2T] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RNE2T\is-RNE2T.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmar...martActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213051767499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188350965096
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pears...ces/ax/stub.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy LLC - C:\Program Files\COX\InstaLAN\AffinegyService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: is-4K3TV - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-4K3TV\is-4K3TV.exe (file missing)
O23 - Service: is-OPQ8L - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OPQ8L\is-OPQ8L.exe (file missing)
O23 - Service: is-RNE2T - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RNE2T\is-RNE2T.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RaySat_3dsmax8 Server (RaySat_3dsmax8Server) - Unknown owner - C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 11350 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-20 16:02:16 68096 --a------ C:\WINDOWS\zip.exe
2008-07-20 16:02:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-20 16:02:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-20 16:02:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-20 16:02:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-20 16:02:16 98816 --a------ C:\WINDOWS\sed.exe
2008-07-20 16:02:16 80412 --a------ C:\WINDOWS\grep.exe
2008-07-20 16:02:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-20 11:27:59 129004818 --a------ C:\registrybackup.reg


-- Find3M Report ---------------------------------------------------------------

2008-06-15 21:58:57 0 d-------- C:\Documents and Settings\Gregory Schellhaas\Application Data\AdobeUM
2008-06-14 10:06:22 0 d-------- C:\Program Files\Google
2008-06-12 21:21:25 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-12 21:20:22 0 d-------- C:\Documents and Settings\Gregory Schellhaas\Application Data\Mozilla
2008-06-12 20:47:37 0 d-------- C:\Program Files\Java
2008-06-12 20:46:32 0 d-------- C:\Program Files\Common Files
2008-06-12 20:46:32 0 d-------- C:\Program Files\Common Files\Java
2008-06-12 19:37:52 0 d-------- C:\Program Files\Messenger
2008-06-12 19:36:32 0 d-------- C:\Program Files\Movie Maker
2008-06-12 19:29:01 0 d-------- C:\Program Files\Windows NT
2008-06-12 11:57:19 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-11 18:52:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 11:55:14 0 d-------- C:\Documents and Settings\Gregory Schellhaas\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 05:59 AM C:\WINDOWS\BCMSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/05/2005 09:05 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/15/2004 01:04 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"is-RNE2T"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-RNE2T\is-RNE2T.exe" [06/07/2008 03:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\Gregory Schellhaas\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 12:58:38 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 12:58:38 PM]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [8/5/2006 10:58:41 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InstaLAN.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InstaLAN.lnk
backup=C:\WINDOWS\pss\InstaLAN.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gregory Schellhaas^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Gregory Schellhaas\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"C:\Program Files\IObit\IObit SmartDefrag\IsdNew.exe" /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc

*Newly Created Service* - IS-RNE2T



-- End of Deckard's System Scanner: finished at 2008-07-23 21:28:25 ------------
  • 0

#28
kahdah
Posted 24 July 2008 - 09:08 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You can delete the Kaspersky folder from off of your desktop.
==========================================
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP