Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I've got a Trojan [RESOLVED]

Started by Lovltn848 , Jul 20 2008 04:04 PM

  • This topic is locked This topic is locked

#16
Lovltn848
Posted 22 July 2008 - 09:12 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
Here's MBAM so far. I'll do Kaspersky now and post that tomorrow.

Malwarebytes' Anti-Malware 1.22
Database version: 981
Windows 5.1.2600 Service Pack 2

9:10:23 PM 7/22/2008
mbam-log-7-22-2008 (21-10-23).txt

Scan type: Quick Scan
Objects scanned: 40174
Time elapsed: 22 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\antivirus2008y (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antivirus2008y (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements

#17
Lovltn848
Posted 23 July 2008 - 12:15 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
Here's Kaspersky and HijackThis

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 23, 2008 12:08:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/07/2008
Kaspersky Anti-Virus database records: 890768
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 96785
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 10:56:02

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{186AE334-FD3F-43EE-99D4-B497983B57D4}\RP141\change.log Object is locked skipped
D:\System Volume Information\_restore{186AE334-FD3F-43EE-99D4-B497983B57D4}\RP141\change.log Object is locked skipped
D:\SDFix\backups_old2\backups.zip/backups/cru629.dat Infected: Backdoor.Win32.Small.cwg skipped
D:\SDFix\backups_old2\backups.zip ZIP: infected - 1 skipped
D:\SDFix\backups_old1\backups.zip/backups/cru629.dat Infected: Backdoor.Win32.Small.cwg skipped
D:\SDFix\backups_old1\backups.zip ZIP: infected - 1 skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
D:\WINDOWS\system32\config\Applicat.evt Object is locked skipped
D:\WINDOWS\system32\config\Security.evt Object is locked skipped
D:\WINDOWS\system32\config\System.evt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_b8.dat Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{1CE13E04-F702-4C25-A84F-65626AD0D4E2}.bin Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\History\History.IE5\MSHist012008072320080724\index.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\Temp\~DFBD8D.tmp Object is locked skipped
D:\Documents and Settings\Lauren\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-22-2008( 20-17-23 ).LOG Object is locked skipped
D:\Documents and Settings\Lauren\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Lauren\ntuser.dat Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
G:\System Volume Information\_restore{186AE334-FD3F-43EE-99D4-B497983B57D4}\RP142\change.log Object is locked skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe Infected: Trojan-GameThief.Win32.WOW.blp skipped
G:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe Infected: Trojan-GameThief.Win32.WOW.bki skipped

Scan process completed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:02 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
G:\AdAware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\SlimBrowser\sbrowser.exe
G:\Trillian\trillian.exe
G:\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iTunesHelper] G:\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188675217674
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9396 bytes
  • 0

#18
emeraldnzl
Posted 24 July 2008 - 12:57 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Lovltn848,

Looking much better now.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Next

Kaspersky found some left over files that need removal.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip
D:\Documents and Settings\Lauren\Incomplete\T-415236618-Adobe Photoshop 7.0 FULL (+serial).zip
D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip
G:\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe
G:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

So when you come back please post the OTMoveIt2 log. Hopefully things will go smoothly this time.

So when you come back please post
  • OTMoveIt2 log
  • and a new HijackThis log
  • 0

#19
Lovltn848
Posted 24 July 2008 - 01:04 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip moved successfully.
D:\Documents and Settings\Lauren\Incomplete\T-415236618-Adobe Photoshop 7.0 FULL (+serial).zip moved successfully.
File/Folder D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip not found.
G:\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe moved successfully.
G:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_130258


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:38 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
G:\AdAware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\Trillian\trillian.exe
D:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iTunesHelper] G:\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188675217674
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9366 bytes
  • 0

#20
emeraldnzl
Posted 24 July 2008 - 03:14 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again Lovltn848,

Still finding the odd thing. Looking very good though, nearly there. :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Now for a last check before we go to clean up.

Next

Run Deckards System Scanner again.

This time there will only be one log.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open Notepad .txt please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents in your next reply.
  • 0

#21
Lovltn848
Posted 24 July 2008 - 04:01 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
Deckard's System Scanner v20071014.68
Run by Lauren on 2008-07-24 15:57:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 384 MiB (512 MiB recommended).
System Drive D: has 0.15 GiB (less than 15%) free.


-- HijackThis (run as Lauren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:50 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
G:\AdAware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\Trillian\trillian.exe
D:\Program Files\Apple Software Update\SoftwareUpdate.exe
D:\Documents and Settings\Lauren\Desktop\dss.exe
G:\HIJACK~1\Lauren.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iTunesHelper] G:\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188675217674
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9324 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 15:01:54 0 d-------- D:\Documents and Settings\Lauren\dwhelper
2008-07-21 19:16:21 0 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-21 19:16:16 0 d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-07-16 20:22:13 0 d-------- D:\WINDOWS\system32\drivers\UMDF
2008-07-16 19:03:58 0 d-------- D:\Program Files\Netflix


-- Find3M Report ---------------------------------------------------------------

2008-06-23 19:58:24 0 d-------- D:\Program Files\Panda Security
2008-06-23 18:19:00 0 d-------- D:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com
2008-06-23 17:40:20 0 d-------- D:\Documents and Settings\Lauren\Application Data\Malwarebytes
2008-06-23 17:39:36 0 d-------- D:\Program Files\Common Files\Download Manager
2008-06-23 17:30:46 0 d-------- D:\Documents and Settings\Lauren\Application Data\Opera
2008-05-30 17:22:48 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 17:22:48 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:48 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 815104 --a------ D:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 683520 --a------ D:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 16:22:18 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2008-05-22 16:19:46 196608 --a------ D:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 16:19:46 81920 --a------ D:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 16:18:54 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-02 22:46:00 1630208 --a------ D:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ D:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ D:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartDefrag"="G:\IObit SmartDefrag\IObit SmartDefrag.exe" [01/09/2007 10:46 AM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 05:19 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="G:\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="G:\SuperAntiSpyware\SUPERAntiSpyware.exe" [06/27/2008 06:49 PM]
"iTunesHelper"="G:\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - G:\Microsoft Office PRO\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/23/2008 10:30:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= D:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [06/12/2003 01:42 PM 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\SuperAntiSpyware\SASWINLO.DLL 06/27/2008 06:48 PM 294912 G:\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCScheduleCheck]
D:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup




-- End of Deckard's System Scanner: finished at 2008-07-24 15:59:26 ------------
  • 0

#22
emeraldnzl
Posted 24 July 2008 - 04:31 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
How is your computer running now?
  • 0

#23
Lovltn848
Posted 24 July 2008 - 05:02 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
It's running just fine now. I was having issues with Opera so I uninstalled that and downloaded Firefox. I like it much better.

The main issue I'm having right now is that I can't install windows updates and I can't start BITS. Can you help me with that or should I make a different thread in another section of this forum?
  • 0

#24
emeraldnzl
Posted 24 July 2008 - 05:25 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Lovltn848,

The main issue I'm having right now is that I can't install windows updates and I can't start BITS. Can you help me with that or should I make a different thread in another section of this forum?


See how it works once you have carried out the clean up below. If you still have a problem it may be something to do with a firewall or an anti-malware program you are running. I am not the person to tell you about this. Check out the Tech forums if you still have a problem.

Congratulations your machine looks clean to me. :)

We have a couple of last steps to perform and then you're all set. :)

You can delete the DSS download exe and folder now.

Then

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

-------------------------------------------------------------------------------------------------------------------

Check your Java; quite often people find there edition is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JDK) Update and save it to your desktop or the folder you usually download to.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop or Download folder.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop or Download folder double-click on the Java exe to install the newest version.

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program which works well with XP:
--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting [list]
  • Microsoft Windows Update
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#25
Lovltn848
Posted 24 July 2008 - 10:55 PM

Lovltn848

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
Thank you! I will go down the list and d/l what I can.

Thanks again! :)
  • 0

Advertisements

#26
emeraldnzl
Posted 25 July 2008 - 12:27 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
You are welcome.
  • 0

#27
Rorschach112
Posted 25 July 2008 - 06:30 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP