Firefox.exe process always open [RESOLVED]


#16 global_warning
Member, Topic Starter, 55 posts
Here's a fresh HijackThis log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:13 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINXP\System32\ups.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - E:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Webshots Photo Search - res://E:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11288 bytes
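As an added example (not part of the thread, and not code from HijackThis itself), here is a small Python parser for the HijackThis v2 layout shown above. It splits the "Running processes" block from the numbered entries, recovers the fields of O4 Run-key and O23 Service entries, and lists the entries a helper usually verifies first: a service whose file is missing, a Winsock LSP module HijackThis could not identify, a Startup-folder shortcut with an unresolved target, and Startup-folder items for a user profile. The sample input is an excerpt of the log above; the review heuristics are my own and deliberately say nothing about whether an entry is malicious.

```python
import re
from collections import Counter

# Patterns for the HijackThis v2 line layout: "<kind> - <body>" entries,
# O4 Run-key entries and O23 service entries.
HJT_ENTRY = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RUN = re.compile(r"^(?P<hive>HK\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_SVC = re.compile(r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")

# Sample input: an excerpt of the log posted above (not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:13 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 11288 bytes
"""


def parse_hjt(text):
    """Split a HijackThis log into (running processes, numbered entries)."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = HJT_ENTRY.match(line)
        if not m:
            continue                  # header, separator and footer lines
        entry = {"kind": m["kind"], "body": m["body"], "raw": line}
        if entry["kind"] == "O4":
            r = O4_RUN.match(entry["body"])
            if r:
                entry.update(hive=r["hive"], name=r["name"], cmd=r["cmd"])
        elif entry["kind"] == "O23":
            s = O23_SVC.match(entry["body"])
            if s:
                entry.update(name=s["name"], company=s["company"], path=s["path"])
        entries.append(entry)
    return processes, entries


def kind_counts(entries):
    """How many entries of each kind (R0, O2, O4, ...) the log contains."""
    return Counter(e["kind"] for e in entries)


def triage(entries):
    """Entries a human should verify by hand, as (reason, raw line) pairs.
    The heuristics are conservative: they flag entries whose target cannot be
    checked from the log alone and say nothing about whether it is bad."""
    findings = []
    for e in entries:
        body = e["body"]
        if e["kind"] == "O23" and e.get("path") == "(no file)":
            findings.append(("service registration whose file is missing", e["raw"]))
        elif e["kind"] == "O10":
            findings.append(("Winsock LSP module HijackThis could not identify", e["raw"]))
        elif e["kind"] == "O4" and body.endswith(" = ?"):
            findings.append(("Startup-folder shortcut with an unresolved target", e["raw"]))
        elif e["kind"] == "O4" and "User Startup:" in body:
            findings.append(("Startup-folder item for a user profile; confirm the file", e["raw"]))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries: {dict(kind_counts(ents))}")
    for reason, line in triage(ents):
        print(f"[review] {reason}\n         {line}")
```

Run it on a full log by passing the file contents to `parse_hjt`; the `(no file)` service it reports on this excerpt is the kind of leftover registration that is usually just removed, but the parser only points at it.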

#17 global_warning
Member, Topic Starter, 55 posts
OTMoveit2 log:-

< [kill explorer]C:\Program Files\iWin Games\iWinGamesHookIE.dll >
File/Folder [kill explorer]C:\Program Files\iWin Games\iWinGamesHookIE.dll not found.
C:\Program Files\DAP\DAPIEBar.dll unregistered successfully.
C:\Program Files\DAP\DAPIEBar.dll moved successfully.
C:\WINXP\distro_SelectRebatesSetup_um1001.exe moved successfully.
D:\My Music\Incomplete\Preview-T-3200824-07 Track 7.wma moved successfully.
E:\downloads1 moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Powerups moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Projectiles moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Sounds moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Background moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\Ast01 moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\Ast02 moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\BASSShip moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\Batter moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\FShip moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\GShip moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\Nave1 moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\PShip moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\Quader moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\Skorpio moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\SkorpioBig moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies\WRShip moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Enemies moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Etc moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Fonts moved successfully.
E:\New Folder\Monkeys Odyssey Demo\HUD moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\Credits moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogDif moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogLeave moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogLoading moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogName moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogOptions moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogPlayers moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogScoreName moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogScoreRetry moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogScoreSend moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\DialogScoreSuccess moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\Highscores moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\HowTo moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu\Splash moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Menu moved successfully.
E:\New Folder\Monkeys Odyssey Demo\Players moved successfully.
E:\New Folder\Monkeys Odyssey Demo moved successfully.
E:\New Folder\Jardinains!\help\images moved successfully.
E:\New Folder\Jardinains!\help moved successfully.
E:\New Folder\Jardinains!\data\levels\current moved successfully.
E:\New Folder\Jardinains!\data\levels moved successfully.
E:\New Folder\Jardinains!\data\save moved successfully.
E:\New Folder\Jardinains!\data moved successfully.
E:\New Folder\Jardinains!\images moved successfully.
E:\New Folder\Jardinains!\music moved successfully.
E:\New Folder\Jardinains!\sound moved successfully.
E:\New Folder\Jardinains! moved successfully.
E:\New Folder\ElastoMania111\Lev moved successfully.
E:\New Folder\ElastoMania111\Lgr moved successfully.
E:\New Folder\ElastoMania111\Rec moved successfully.
E:\New Folder\ElastoMania111 moved successfully.
E:\New Folder moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\MAULIK\LOCALS~1\Temp\Perflib_Perfdata_24c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MAULIK\LOCALS~1\Temp\etilqs_ysgIgUL7OlxLDwkGgeIS scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07252008_111228

Files moved on Reboot...
File C:\DOCUME~1\MAULIK\LOCALS~1\Temp\Perflib_Perfdata_24c.dat not found!
File C:\DOCUME~1\MAULIK\LOCALS~1\Temp\etilqs_ysgIgUL7OlxLDwkGgeIS not found!

----------------------------------------------------------------------------------------------------------------------

Dr.Web.CureIt log:-

gendel32.exe;C:\;Tool.Gendel;;
RegOpt.exe;C:\Program Files\WinASO\Registry Optimizer 2.8;Probably STPAGE.Trojan;;
ycomp.dll;C:\Program Files\Yahoo!\Messenger;Probably DLOADER.Trojan;;
RegUBP2b-MAULIK.reg;C:\Documents And Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
StressReducerTools.exe;C:\Documents And Settings\MAULIK\Desktop;Joke.Puncher;;
A0186967.reg;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450;Trojan.StartPage.1505;Deleted.;
mwsSetup.Zwinky.exe\data003;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe\data001\mwsSetup.Zwinky.exe;Probably DLOADER.PWS.Trojan;;
mwsSetup.Zwinky.exe\data005;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe\data001\mwsSetup.Zwinky.exe;Adware.MWS.origin;;
mwsSetup.Zwinky.exe;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe\data001;Archive contains infected objects;;
data001;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe;Archive contains infected objects;;
data002\mwsSrcSp.CommonCodebase.exe;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe\data002;Adware.Websearch.13;;
data002;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe;Archive contains infected objects;;
A0186988.exe;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450;Archive contains infected objects;Moved.;
SecSystem.exe;C:\_OTMoveIt\MovedFiles\07222008_211413\WINXP\system32;Trojan.Inject.549;Deleted.;
RSecSystem.exe;C:\_OTMoveIt\MovedFiles\07222008_211413\Documents and Settings\RCMISHRA\Application Data;Trojan.Inject.549;Deleted.;
distro_SelectRebatesSetup_um1001.exe;C:\_OTMoveIt\MovedFiles\07252008_111228\WINXP;Adware.SAHAgent;;
Preview-T-3200824-07 Track 7.wma;C:\_OTMoveIt\MovedFiles\07252008_111228\My Music\Incomplete;Trojan.DownLoader.61860;Deleted.;
Install-MSN-Names.exe\data006;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe;Adware.nCase;;
data007\whAgent.exe;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe\data007;Adware.WebHancer;;
data007\whInstaller.exe;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe\data007;Adware.WebHancer;;
data007\whSurvey.exe;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe\data007;Adware.WebHancer;;
data007\webhdll.dll;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe\data007;Adware.WebHancer;;
data007\whiehlpr.dll;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe\data007;Adware.WebHancer;;
data007;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder\Install-MSN-Names.exe;Archive contains infected objects;;
Install-MSN-Names.exe;C:\_OTMoveIt\MovedFiles\07252008_111228\New Folder;Archive contains infected objects;Moved.;
07 Track 7.wma;D:\My Music\latest;Trojan.DownLoader.61860;Deleted.;
T-5745425-days of the phoenix.mp3;D:\My Music\latest\Incomplete;Trojan.Click.18899;Incurable.Moved.;
regopt28.exe\data001;E:\downloads\regopt28.exe;Probably STPAGE.Trojan;;
regopt28.exe;E:\downloads;Archive contains infected objects;Moved.;
RemoveWGA.exe;E:\downloads;Tool.RemoveWGA;;
A0186928.exe\data006;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe;Adware.nCase;;
data007\whAgent.exe;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe\data007;Adware.WebHancer;;
data007\whInstaller.exe;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe\data007;Adware.WebHancer;;
data007\whSurvey.exe;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe\data007;Adware.WebHancer;;
data007\webhdll.dll;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe\data007;Adware.WebHancer;;
data007\whiehlpr.dll;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe\data007;Adware.WebHancer;;
data007;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186928.exe;Archive contains infected objects;;
A0186928.exe;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450;Archive contains infected objects;Moved.;
A0187049.exe\data001;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0187049.exe;Probably STPAGE.Trojan;;
A0187049.exe;E:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450;Archive contains infected objects;Moved.;
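The Dr.Web CureIt report above is one `object;folder;threat;action;` record per line, with a blank action for objects that were only scanned (typically members of an archive or installer, where the action is recorded on the container). As an added example that is not from the thread or from Dr.Web, the Python below parses that layout, works out which action actually applied to an archive member from its enclosing container, and lists the top-level detections that were neither deleted nor moved, which are the ones a helper has to decide about by hand. The sample input is a subset of the report above; the container-extension list is my own heuristic.

```python
from collections import Counter

# Sample input: a subset of the Dr.Web CureIt lines posted above.
SAMPLE_REPORT = r"""gendel32.exe;C:\;Tool.Gendel;;
RegOpt.exe;C:\Program Files\WinASO\Registry Optimizer 2.8;Probably STPAGE.Trojan;;
RegUBP2b-MAULIK.reg;C:\Documents And Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
mwsSetup.Zwinky.exe\data003;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe\data001\mwsSetup.Zwinky.exe;Probably DLOADER.PWS.Trojan;;
data001;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450\A0186988.exe;Archive contains infected objects;;
A0186988.exe;C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP450;Archive contains infected objects;Moved.;
regopt28.exe\data001;E:\downloads\regopt28.exe;Probably STPAGE.Trojan;;
regopt28.exe;E:\downloads;Archive contains infected objects;Moved.;
RemoveWGA.exe;E:\downloads;Tool.RemoveWGA;;
T-5745425-days of the phoenix.mp3;D:\My Music\latest\Incomplete;Trojan.Click.18899;Incurable.Moved.;
"""

# Extensions treated as containers (assumption; extend for other packers).
CONTAINER_EXT = (".exe", ".zip", ".rar", ".cab", ".msi")


def parse_cureit(text):
    """One dict per report line with object, folder, threat and action."""
    records = []
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4 or not parts[0]:
            continue                      # blank or malformed line
        records.append({"object": parts[0], "folder": parts[1],
                        "threat": parts[2], "action": parts[3]})
    return records


def is_archive_member(rec):
    """True when the object lives inside a container rather than directly on
    disk: the object name has a path separator, or some component of the
    folder is itself a file."""
    if "\\" in rec["object"]:
        return True
    return any(p.lower().endswith(CONTAINER_EXT) for p in rec["folder"].split("\\"))


def effective_action(rec, records):
    """Action that actually applied to a record: its own, or for an archive
    member with no action of its own, the action on the nearest enclosing
    container that was processed (longest matching path prefix)."""
    if rec["action"]:
        return rec["action"]
    folder = rec["folder"].lower()
    best = None
    for other in records:
        if other is rec or not other["action"]:
            continue
        full = (other["folder"].rstrip("\\") + "\\" + other["object"]).lower()
        if folder == full or folder.startswith(full + "\\"):
            if best is None or len(full) > len(best[0]):
                best = (full, other["action"])
    return best[1] if best else ""


def action_summary(records):
    """Counts per action, with a blank action reported as '(none)'."""
    return Counter(r["action"] or "(none)" for r in records)


def left_in_place(records):
    """Top-level detections that CureIt neither deleted nor moved."""
    return [r for r in records
            if not is_archive_member(r) and not effective_action(r, records)]


if __name__ == "__main__":
    recs = parse_cureit(SAMPLE_REPORT)
    print(dict(action_summary(recs)))
    for r in left_in_place(recs):
        print(f"still on disk: {r['folder']}\\{r['object']}  ({r['threat']})")
```

Note that the "(none)" count overstates what is left behind: four of the six unactioned lines in the sample are members of archives that CureIt moved as a whole, which `effective_action` resolves to `Moved.`.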

#18 Ltangelic
Angel Annihilator of Malware, Retired Staff, 2,008 posts
Hey global_warning,

Your logs look clean to me, I guess you are ready to go. :)

1) Clean up with OTMoveIt2

Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

* Click on the CleanUp! button
* A list of tool components used in the Cleanup of malware will be downloaded.
* If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
* Click Yes to begin the Cleanup process and remove these components, including this application.
* You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

2) Clean up System Restore

  • Right click on "My Computer" and click on "Properties".
  • Go to "System Restore" tab and check "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Then UNcheck "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Your System Restore is now turned on.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

You should also have a good firewall. Here are 3 free ones available for personal use:

It is critical to have only ONE firewall and anti virus to protect your system and to keep them updated.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me how your computer is doing, so I can ask a staff to mark this as resolved.
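The MVPS hosts file recommendation above works because the resolver consults the hosts file before DNS: a name pinned to 127.0.0.1 (or 0.0.0.0) never produces a connection that leaves the machine. As an added example that is not from the thread or from MVPS, the Python below parses a hosts file in that layout (tabs or spaces, several names per line, trailing comments), answers whether a given name is sinkholed, and audits the file for the opposite problem: an entry for a host such as windowsupdate.microsoft.com, which on a healthy machine should never be overridden locally. The sample hosts text and the protected-host list are constructed; the last sample entry is deliberately wrong so the audit has something to report.

```python
# Addresses a hosts entry uses to sink a name so that it never leaves the machine.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Hosts that should never be overridden locally. Constructed list: the first
# name comes from the update advice above, the second is a placeholder.
PROTECTED_HOSTS = {"windowsupdate.microsoft.com", "updates.example-av.test"}

# Constructed sample in the layout a blocking hosts file uses.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
127.0.0.1\tads.example.net        # ad server
127.0.0.1 tracker.example.org banner.example.org
0.0.0.0 malware.example.test
127.0.0.1 windowsupdate.microsoft.com
"""


def parse_hosts(text):
    """Map each hostname (lowercased) to the address it is bound to.
    Comments and blank lines are skipped; when a name appears twice the first
    binding is kept (a simplification of resolver behaviour)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                      # an address with no names: ignore
        addr, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def is_sinkholed(table, hostname):
    """True if the hosts file pins hostname to a loopback/unspecified address,
    so a connection to it cannot leave the machine."""
    return table.get(hostname.lower()) in SINK_ADDRESSES


def audit_hosts(table, protected=PROTECTED_HOSTS):
    """Protected names that have any binding at all, with the address they are
    bound to. Such entries silence update or vendor sites and need a look."""
    return {n: table[n] for n in sorted(protected) if n in table}


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(table)} names bound, "
          f"{sum(is_sinkholed(table, n) for n in table)} of them sinkholed")
    for name, addr in audit_hosts(table).items():
        print(f"[review] protected host {name} is bound to {addr}")
```

On a real Windows XP machine the file lives at C:\WINXP\system32\drivers\etc\hosts for the system root shown in the logs above; read it with the same `parse_hosts` and check that `audit_hosts` comes back empty after installing a blocking hosts file.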

#19 global_warning
Member, Topic Starter, 55 posts
That's good to hear.

I'll follow all your recommendations to the letter.

Thanks again for all the help. :)

#20 Ltangelic
Angel Annihilator of Malware, Retired Staff, 2,008 posts
You're welcome, glad to be of help. Safe surfing! :)

LT

#21 Rorschach112
Ralphie, Retired Staff, 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.