Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to Change Desktop Background [RESOLVED]

Started by MEMPHIS1986 , Aug 17 2008 12:27 PM

  • This topic is locked This topic is locked

#1
MEMPHIS1986
Posted 17 August 2008 - 12:27 PM

MEMPHIS1986

    Member

  • Member
  • PipPip
  • 24 posts
My background picture doesn't display, all that displays is the color. I can change the color but when i change the picture it onle shows right before i shut down. I don't know what to do can someone please help me? :)
  • 0

Advertisements

#2
IndiGenus
Posted 23 August 2008 - 05:18 PM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hi and welcome to the forums here at G2G! :) Sorry for the delay in getting to your post.

Can you please download, run, and post a HijackThis log for me to take a look at.

http://www.trendsecu.../HJTInstall.exe

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Edited by IndiGenus, 23 August 2008 - 06:38 PM.

  • 0

#3
MEMPHIS1986
Posted 24 August 2008 - 02:27 AM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok thanks so much for your help
  • 0

#4
MEMPHIS1986
Posted 24 August 2008 - 03:04 AM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:24 PM, on 8/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\AStiDog1210.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AskBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Waiting1210] C:\Windows\AStiDog1210.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\PROGRA~1\COMPUT~1\cac.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O21 - SSODL: bmlvqkn - {99159697-E472-45BF-A54E-9925B59E9750} - C:\Windows\bmlvqkn.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10080 bytes
  • 0

#5
IndiGenus
Posted 24 August 2008 - 06:29 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#6
MEMPHIS1986
Posted 24 August 2008 - 08:57 AM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
SmitFraudFix v2.339

Scan done at 17:50:03.45, Sun 08/24/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\AStiDog1210.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Zach


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Zach\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Zach\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN
DNS Server Search Order: 10.77.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B550427-4313-4D08-BD31-FF25631F5622}: DhcpNameServer=10.77.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B550427-4313-4D08-BD31-FF25631F5622}: DhcpNameServer=10.77.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B550427-4313-4D08-BD31-FF25631F5622}: DhcpNameServer=10.77.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.77.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.77.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.77.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#7
IndiGenus
Posted 24 August 2008 - 09:22 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hi,

Before taking the next step I just need you to check out a file, unless you already know what it is and if it's safe.

Note if you cannot find the file it may be hidden. To unhide follow the instructions here.

http://www.bleepingc...utorial130.html


Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

C:\Windows\AStiDog1210.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html
http://www.virustota.../en/indexf.html
  • 0

#8
MEMPHIS1986
Posted 24 August 2008 - 09:53 AM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Service load: 0% 100%

File: AStiDog1210.exe
Status: OK
MD5: 32965e010458c1393c447b4478a4ba0c
Packers detected: -

Scanner results
Scan taken on 24 Aug 2008 15:48:04 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

(There was also this towards the bottom of the page, I don't know if its related but I put it on here anyway)


Last file scanned at least one scanner reported something about: xfg.exe (MD5: 1c5b64184b08af73829501cd1101209e, size: 11264 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Inject.HC
ArcaVir X
Avast Win32:Poison-FD
AVG Antivirus BackDoor.PoisonIvy.AW
BitDefender X
ClamAV X
CPsecure Troj.W32.Inject.t
Dr.Web BackDoor.Poison.40
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Virus.Win32.Crypt.CJX
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Mal/EncPk-CI
VirusBuster Trojan.DL.CKSPost.Gen
VBA32 X
  • 0

#9
IndiGenus
Posted 24 August 2008 - 10:24 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Run HijackThis by right clicking on the program and selecting Run as administrator. Click Do a System Scan Only. Put a Check in the box on the left side on this:

O21 - SSODL: bmlvqkn - {99159697-E472-45BF-A54E-9925B59E9750} - C:\Windows\bmlvqkn.dll (file missing)

Then close all windows except HijackThis and press Fix checked.

First, use Use ATF Cleaner to remove temp files,
cookies, cache, ect...
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.

Please also let me know how it's running.
  • 0

#10
MEMPHIS1986
Posted 24 August 2008 - 11:27 AM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Last file scanned at least one scanner reported something about: xfg.exe (MD5: 1c5b64184b08af73829501cd1101209e, size: 11264 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Inject.HC
ArcaVir X
Avast Win32:Poison-FD
AVG Antivirus BackDoor.PoisonIvy.AW
BitDefender X
ClamAV X
CPsecure Troj.W32.Inject.t
Dr.Web BackDoor.Poison.40
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Virus.Win32.Crypt.CJX
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Mal/EncPk-CI
VirusBuster Trojan.DL.CKSPost.Gen
VBA32 X

( And Here Is The Hijack This Log)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:49, on 8/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\AStiDog1210.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AskBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Waiting1210] C:\Windows\AStiDog1210.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\PROGRA~1\COMPUT~1\cac.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9932 bytes


And things are running ok i guess, my computers background still won't show a picture it 118 degrees outside. And Im in iraq, that kinda sucks, but other than that everythings good. I do really apreciate your help
  • 0

Advertisements

#11
IndiGenus
Posted 24 August 2008 - 11:50 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hi,

Hey thank you for your service over there in Iraq. 118 must be brutal to go out in, especially with full gear.

Did you have a chance to run the MalwareBytes' Anti-Malware? If not please do that and post that log when you get a chance. If you have just post the log please.
  • 0

#12
MEMPHIS1986
Posted 24 August 2008 - 11:55 AM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1082
Windows 6.0.6001 Service Pack 1

20:14:29 8/24/2008
mbam-log-08-24-2008 (20-14-15).txt

Scan type: Quick Scan
Objects scanned: 43571
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\enqvwkp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\VAC.Video (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry, i forgot to copy and pasted the last thing i copied
  • 0

#13
IndiGenus
Posted 24 August 2008 - 12:03 PM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
I have a feeling you still have something lurking here.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#14
MEMPHIS1986
Posted 24 August 2008 - 12:33 PM

MEMPHIS1986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
ComboFix 08-08-23.03 - Zach 2008-08-24 21:15:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.334 [GMT 3:00]
Running from: C:\Users\Zach\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\autorun.inf
C:\Users\Zach\AppData\Roaming\Adssite Advanced Toolbar
C:\Users\Zach\AppData\Roaming\Adssite Advanced Toolbar\selected.xml
C:\Users\Zach\AppData\Roaming\macromedia\Flash Player\#SharedObjects\XAH7672A\interclick.com
C:\Users\Zach\AppData\Roaming\macromedia\Flash Player\#SharedObjects\XAH7672A\interclick.com\ud.sol
C:\Users\Zach\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Zach\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 20:07 . 2008-08-24 20:07 <DIR> d-------- C:\Users\Zach\AppData\Roaming\Malwarebytes
2008-08-24 20:06 . 2008-08-24 20:06 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 20:06 . 2008-08-24 20:06 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 20:06 . 2008-08-24 20:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 20:06 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2008-08-24 20:06 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-08-24 17:50 . 2008-08-24 17:50 5,736 --a------ C:\WINDOWS\System32\tmp.reg
2008-08-24 17:49 . 2008-08-24 17:51 <DIR> d-------- C:\WINDOWS\System32\SmitfraudFix
2008-08-24 11:59 . 2008-08-24 11:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 21:46 . 2008-08-23 21:47 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-23 21:12 . 2008-08-23 21:12 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-23 21:10 . 2008-08-23 22:03 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-23 21:10 . 2008-08-23 22:03 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-23 21:10 . 2008-08-23 21:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-13 08:02 . 2008-07-16 04:32 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-08-12 23:00 . 2008-06-27 04:55 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-08-12 23:00 . 2008-06-27 07:15 827,392 --a------ C:\WINDOWS\System32\wininet.dll
2008-08-12 22:14 . 2008-06-19 06:31 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-08-12 21:53 . 2008-04-10 08:12 738,304 --a------ C:\WINDOWS\System32\inetcomm.dll
2008-08-12 21:47 . 2008-04-18 08:48 269,312 --a------ C:\WINDOWS\System32\es.dll
2008-08-10 20:18 . 2008-08-10 20:24 <DIR> d-------- C:\Poker Application
2008-08-06 23:18 . 2008-08-06 23:18 <DIR> d-------- C:\Program Files\iTunes
2008-08-06 23:18 . 2008-08-06 23:18 <DIR> d-------- C:\Program Files\iPod
2008-07-31 19:23 . 2008-07-31 19:23 <DIR> d--hs---- C:\found.001
2008-07-29 00:55 . 2008-07-29 00:55 <DIR> d-------- C:\Program Files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 14:19 --------- d---a-w C:\Program Files\Sportsbook Poker
2008-08-13 05:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-28 21:56 --------- d-----w C:\Users\Zach\AppData\Roaming\Apple Computer
2008-07-28 17:27 --------- d-----w C:\Program Files\Full Tilt Poker
2008-07-20 20:01 --------- d-----w C:\Program Files\AskBar
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 20:01 --------- d-----w C:\ProgramData\Sportsbook Poker
2008-07-10 06:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-06 10:26 --------- d-----w C:\ProgramData\Apple Computer
2008-07-06 10:15 --------- d-----w C:\Program Files\QuickTime
2008-07-06 10:15 --------- d-----w C:\Program Files\Bonjour
2008-07-06 10:11 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-01 19:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-29 12:33 174 --sha-w C:\Program Files\desktop.ini
2008-06-29 12:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-29 12:24 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-29 12:24 --------- d-----w C:\Program Files\Windows Journal
2008-06-29 12:24 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-29 12:24 --------- d-----w C:\Program Files\Windows Calendar
2008-06-29 12:23 --------- d-----w C:\Program Files\Windows Defender
2008-06-29 11:46 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-29 11:46 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-03-06 17:16 0 ----a-w C:\Users\Public\Public.exe
2007-12-24 20:12 82 ----a-w C:\Users\Zach\AppData\Roaming\wklnhst.dat
2001-11-11 00:28 342 ----a-w C:\Program Files\setup.bat
2001-11-10 19:33 12,538,001 ----a-w C:\Program Files\unpack.exe
2001-11-10 19:32 29,696 ----a-w C:\Program Files\STARTW.EXE
2001-11-10 18:11 41,563 ----a-w C:\Program Files\RegSetup.exe
2001-10-17 21:03 163,840 ----a-w C:\Program Files\swgbg.exe
2000-03-18 08:29 49,152 ----a-w C:\Program Files\inject.exe
2007-10-02 10:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-02 10:25 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-02 10:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 01:43 4670704]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 03:15 221184]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-29 01:59 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-03 03:32 167936]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 21:50 46704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-07 10:43 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 17:38 78008]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Waiting1210"="C:\Windows\AStiDog1210.exe" [2007-03-23 10:46 60416]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"Computer Alarm Clock"="C:\PROGRA~1\COMPUT~1\cac.exe" [2007-09-06 15:29 696832]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-18 22:44:26 21504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 12:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 11:01:50 734872]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe [2006-12-07 10:19:49 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{912E4D46-9443-4355-BFFD-FB17D1033BBB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88E37DE1-BF38-4EAF-9FE1-518E9C159753}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A03BCDD1-BC60-4290-B48B-B85FE0EE7605}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{F0484DEF-8161-4100-BC94-B92C63F6C992}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{117D3D41-9CBC-4A77-8F6F-FD23E365AB86}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{591AC6C7-9C04-4FC7-A1D7-860D35446253}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{CF896297-B062-46A0-9418-340FAACC54EB}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{C3270D6A-EBA1-48AF-B455-D06CEB6E7E68}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{B2761C83-086B-460F-B618-FC413E458717}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{63836B04-D758-4976-98BF-91A26EA796F5}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{1728CC25-CFF7-4DE1-922A-B761022F0C74}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{602094BE-385C-4951-A490-686FB9257ECF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{75D4F8F0-3B32-4451-B767-AC96FEC0289E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A0DEB76-5B19-4418-A0BB-06F266E551C6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AF834DA-4EDF-4596-8A60-07C784A5D13F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18D85347-A6E7-48C4-8DEB-A18714534CA5}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AE4B48D9-8230-420A-9BAB-B97B4BC463DF}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C213E8C3-CEAC-4E97-B836-86023BAC388E}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4978747C-0BE1-4BB3-9B42-7070E51DC9D0}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A6C7D070-2272-4835-A1E5-CC984CE01C39}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{234153EE-68AA-4286-AB6E-43E38ADEB8D2}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{415308DA-2616-411E-9FAE-18A22B480521}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{64F90B18-9EC2-44E2-BBB5-C5D871DAFBAC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{725D8671-098E-4786-88C7-B4FC9CF23CE4}C:\\users\\zach\\shared\\pc games - unreal tournament\\unreal tournament\\system\\unrealtournament.exe"= UDP:C:\users\zach\shared\pc games - unreal tournament\unreal tournament\system\unrealtournament.exe:unrealtournament.exe
"UDP Query User{25978C31-DB7B-4222-947D-EC6A303A77F4}C:\\users\\zach\\shared\\pc games - unreal tournament\\unreal tournament\\system\\unrealtournament.exe"= TCP:C:\users\zach\shared\pc games - unreal tournament\unreal tournament\system\unrealtournament.exe:unrealtournament.exe
"TCP Query User{F6B79F99-8F22-4B0E-93B4-8133591BAABA}C:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:C:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"UDP Query User{ECD9BC41-DE76-4238-B91B-CF73BA2AA687}C:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:C:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"TCP Query User{6BE8738C-6FDF-48FA-93D6-CF7BD0613266}C:\\program files\\webmoney\\webmoney.exe"= Disabled:UDP:C:\program files\webmoney\webmoney.exe:WebMoney Keeper Classic Runner Module
"UDP Query User{D358E598-CBD6-41DD-8D5D-E013644C33E5}C:\\program files\\webmoney\\webmoney.exe"= Disabled:TCP:C:\program files\webmoney\webmoney.exe:WebMoney Keeper Classic Runner Module
"TCP Query User{2DC7B35B-1159-467C-971B-DCFA0CC6DC51}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{0474DB1D-23F7-495D-AC55-362076E4DE0A}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{A25DF0D2-01CF-40A4-9BCE-89C77FE22F3D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{95B4A3AF-28F1-44B0-A505-EA2884E5F5B9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{A2484848-D84F-4F61-96FD-CD70EDF44CD1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D6E107F9-8FA0-49A0-866D-DB47E535AFFF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{3DC88B57-690A-4364-8AFA-C222A0251EEB}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{E1A7DA1F-6AE6-4E2C-9F18-41172340DDA2}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{347735A6-9EC2-4181-BC61-995AAFD977BA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{29B8E9CC-46FF-4423-A3FC-3493BDCD28D2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 17:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 17:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
S3 CAM1210;USB video camera;C:\Windows\system32\Drivers\cam1210.sys [2007-03-22 17:20]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 08:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85aeb491-f055-11dc-b101-0016d4c108b7}]
\shell\AutoRun\command - usdeiect.com
\shell\explore\Command - usdeiect.com
\shell\open\Command - usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b415fff0-534b-11dd-b8f3-0016d4c108b7}]
\shell\AutoRun\command - F:\Autorun.exe /run
\shell\Shell00\Command - F:\Autorun.exe /run
\shell\Shell01\Command - F:\Autorun.exe /action
\shell\Shell02\Command - F:\Autorun.exe /uninstall

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-24 C:\Windows\Tasks\User_Feed_Synchronization-{D5382518-FB8F-4594-929B-C4BE29E64F73}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 10:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://strk.mitglobalnet.net:5050/landing.html
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Save Image to Folder - C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 -: &Save Image to MyStuff - C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 -: &Save Link to Folder - C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 -: &Save Link to MyStuff - C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 -: &Save Page to Folder... - C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 -: &Save this Page to MyStuff - C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 21:20:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-24 21:22:36
ComboFix-quarantined-files.txt 2008-08-24 18:22:28

Pre-Run: 32,513,703,936 bytes free
Post-Run: 32,672,419,840 bytes free

236 --- E O F --- 2008-08-13 05:03:44


I was getting all excited for a min, while it was running i could see my desktop picture, then when it stopped it went back to the blue screen
  • 0

#15
IndiGenus
Posted 24 August 2008 - 01:20 PM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Let's try this:

Boot into Safe Mode
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Step 4: Run SmitfraudFix
Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP