
reappearing malware... [RESOLVED]


  • This topic is locked

#31
mattfili

    Member

  • Topic Starter
  • 26 posts
rdrivRem did not create a txt file, or if it did, I can't find it.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:03:48 PM, 11/15/2005
+ Report-Checksum: B98E0A9

+ Scan result:

:mozilla.13:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\h8r4k6pp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\7Y0CYIE0\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\system32\eraseme_11163.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\phr.exe -> Trojan.MulDrop.1732 : Cleaned with backup


::Report End
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 15/11/2005 20:40:56
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 2323
Files : 156720
Archives : 6895
Packed files : 12191
Identified viruses : 3
Infected files : 12
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 137
Scan time : 00:25:22
Scan speed (files/sec) : 102

Virus definitions : 233658
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-00-38.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-00-38.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-00-38.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-16-48.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-16-48.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-16-48.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-50-09.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-50-09.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-50-09.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-50-09.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Dyfuca.52104.B
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-50-09.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-13-50-09.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-18-27-14.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-18-27-14.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-18-27-14.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-18-27-14.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Dyfuca.52104.B
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-18-27-14.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine06-11-2005-18-27-14.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-15-48-07.xpy=>(Embedded EXE g) Infected Trojan.Downloader.TSUpdate.K
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-15-48-07.xpy=>(Embedded EXE g) Deleted
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-15-48-07.xpy Update failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-21-42-37.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-21-42-37.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-21-42-37.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-22-15-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-22-15-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-22-15-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-22-15-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Dyfuca.52104.B
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-22-15-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine07-11-2005-22-15-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine08-11-2005-18-49-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Dyfuca.52104.B
C:\Program Files\XoftSpy\Quarantine\Quarantine08-11-2005-18-49-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine08-11-2005-18-49-00.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
C:\Program Files\XoftSpy\Quarantine\Quarantine08-11-2005-19-17-21.xpy=>(Embedded EXE g)=>(Embedded EXE o) Infected Trojan.Startpage.SM
C:\Program Files\XoftSpy\Quarantine\Quarantine08-11-2005-19-17-21.xpy=>(Embedded EXE g)=>(Embedded EXE o) Disinfection failed
C:\Program Files\XoftSpy\Quarantine\Quarantine08-11-2005-19-17-21.xpy=>(Embedded EXE g)=>(Embedded EXE o) Move failed
  • 0



#32
mattfili

    Member

  • Topic Starter
  • 26 posts
oops, forgot to post this

Logfile of HijackThis v1.99.1
Scan saved at 9:57:09 PM, on 11/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINDOWS\msdt.exe
O23 - Service: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINDOWS\mspath.exe (file missing)
O23 - Service: DLL Manager (mswindll) - Unknown owner - C:\WINDOWS\mswindll32.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Stability Route (WSR) - Unknown owner - C:\WINDOWS\construct.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#33
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Click Start -> Run -> (type) services.msc

Scroll down and find the service called Microsoft Distributed Transaction. When you find it, double-click on it. In the next window that opens, click the Stop button (if available), then click on Properties and under the General tab, change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.

Follow those same steps with these services also.

Microsoft Path Finder Service
DLL Manager
Service Hosts
Windows Stability Route



Next run Hijackthis and click on Open the Misc Tools section -> Delete an NT Service
Copy and paste this into the text box and click OK.

MSDT

Do the same with these.

MSpath
mswindll
ServiceHost
WSR



Download the Pocket Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
  • Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:

    • C:\WINDOWS\mswupdate32.exe
      C:\WINDOWS\msdt.exe
      C:\WINDOWS\shost.exe


  • Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.
  • Click on the Delete on Reboot option and then click on the red circle with a white 'X' in it to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.
Your system will reboot now.


After reboot please post a new hijackthis log, from normal mode if possible.
  • 0
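The five services named in the post above share two traits in the post #32 log: HijackThis reports "Unknown owner" and the binary sits directly in C:\WINDOWS rather than in System32 or Program Files. The Python below is an added example, not part of the original thread and not the helper's own method; it parses O23 lines, flags services with both traits, and checks a later log to confirm they are gone. The two-trait rule is an assumption drawn from this one log, the function names are hypothetical, and the sample lines are excerpts of the logs in posts #32 and #34.

```python
import ntpath
import re

# O23 - Service: <display name> [(<service key>)] - <owner> - <image path> [(file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
NAME_KEY = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")
MISSING = "(file missing)"

# Excerpt of the O23 section of the post #32 log (before cleanup).
LOG_BEFORE = r"""
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINDOWS\msdt.exe
O23 - Service: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINDOWS\mspath.exe (file missing)
O23 - Service: DLL Manager (mswindll) - Unknown owner - C:\WINDOWS\mswindll32.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Stability Route (WSR) - Unknown owner - C:\WINDOWS\construct.exe (file missing)
"""

# Excerpt of the O23 section of the post #34 log (after cleanup).
LOG_AFTER = r"""
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""


def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23.match(line.strip())
    if not m:
        return None
    name, owner, path = m.group("name", "owner", "path")
    # HijackThis omits the "(key)" part when display name and key are identical.
    nk = NAME_KEY.match(name)
    display, key = (nk.group("display"), nk.group("key")) if nk else (name, name)
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    # Keep only the image path: drop arguments and stray quotes after ".exe".
    exe = re.match(r"(?i)^(.*?\.exe)", path)
    image = (exe.group(1) if exe else path).strip('"')
    return {"display": display, "key": key, "owner": owner,
            "image": image, "file_missing": missing}


def suspicious_services(log, windows_dir=r"C:\WINDOWS"):
    """Flag services with an unknown owner whose image sits directly in windows_dir.

    Assumed triage rule for this log only; flagged entries still need a human
    to review them before anything is disabled or deleted.
    """
    root = ntpath.normcase(windows_dir)
    flagged = []
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        parent = ntpath.normcase(ntpath.dirname(svc["image"]))
        if svc["owner"] == "Unknown owner" and parent == root:
            flagged.append(svc)
    return flagged


def still_present(flagged, later_log):
    """Return the keys of flagged services that still appear in a later log."""
    parsed = (parse_o23(line) for line in later_log.splitlines())
    later = {svc["key"].lower() for svc in parsed if svc}
    return [svc["key"] for svc in flagged if svc["key"].lower() in later]


if __name__ == "__main__":
    flagged = suspicious_services(LOG_BEFORE)
    for svc in flagged:
        note = " (file missing)" if svc["file_missing"] else ""
        print(f'{svc["display"]} [{svc["key"]}] -> {svc["image"]}{note}')
    print("still registered after cleanup:", still_present(flagged, LOG_AFTER))
```

The display names it prints are the ones to look for in services.msc, and the bracketed keys are the ones HijackThis expects in Delete an NT Service.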

#34
mattfili

    Member

  • Topic Starter
  • 26 posts
Of the programs that were started, the Stop button could not be pressed... I did disable them though.

C:\WINDOWS\mswupdate32.exe was on in the drop down box.


Logfile of HijackThis v1.99.1
Scan saved at 9:22:58 PM, on 11/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#35
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
We're making headway! :tazz:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#36
mattfili

    Member

  • Topic Starter
  • 26 posts
I think just recently some more malware was unintentionally installed...

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, November 17, 2005 14:23:44
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/11/2005
Kaspersky Anti-Virus database records: 160410
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 34865
Number of viruses found: 12
Number of infected objects: 161
Number of suspicious objects: 0
Duration of the scan process: 1309 sec

Infected Object Name - Virus Name
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP11\A0013295.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ac
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0017469.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0017472.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0018986.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0019005.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0020001.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0021008.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0022029.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0023023.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0023044.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0025026.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0025036.sys Infected: Rootkit.Win32.Agent.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0025045.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026034.sys Infected: Rootkit.Win32.Agent.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026039.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026069.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026079.sys Infected: Rootkit.Win32.Agent.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026086.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026104.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026105.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026106.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026107.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026108.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026109.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026110.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026111.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026112.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026113.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026114.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026116.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026117.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{82C43A99-4545-45C5-8E82-063EAFA02D9A}\RP12\A0026118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\WINDOWS\thin-149-2-x-x.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ac

Scan process completed.


and a new hijack this log...
Logfile of HijackThis v1.99.1
Scan saved at 2:24:07 PM, on 11/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#37
Buckeye_Sam

    Malware Expert

Flush your system restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in system restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

Please delete these files.

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\WINDOWS\thin-149-2-x-x.exe



Your log looks pretty good now. How are things working on your end?

#38
mattfili

    Member

  • Topic Starter

I think there is something blocking my desktop, because I can't get the background wallpaper to change - it's just stuck on a grey screen.

When I open my display properties and go to the desktop tab, I can't choose anything... any ideas?

#39
Buckeye_Sam

    Malware Expert

Download the following reg file to your desktop by right-clicking on the link and selecting Save As.

http://www.bleepingc...g/smitfraud.reg

Once it has downloaded, double-click on the smitfraud.reg file on your desktop and when it asks if you would like to merge the data, click on the Yes button.

Reboot your computer and you should now be able to change your desktop settings back to how you would like it.

Let me know if that doesn't work.

#40
mattfili

    Member

  • Topic Starter

Great! That did the trick! Thanks for all your help, I really, really, really, really appreciate it :tazz:

Hopefully all stays good :)

Something I've just noticed is that my SD slot doesn't seem to be installed. I don't know if you can help me with that.

Edited by mattfili, 17 November 2005 - 09:35 PM.


#41
Buckeye_Sam

    Malware Expert

Something I've just noticed is that my SD slot doesn't seem to be installed. I don't know if you can help me with that.

Hmmmm....I'm not sure. What's an SD slot?

#42
mattfili

    Member

  • Topic Starter

It's a built-in slot on my computer for the memory cards for digital cameras, and my computer doesn't recognize its existence...

#43
Buckeye_Sam

    Malware Expert

Doesn't recognize its existence as in, it doesn't work, or as in doesn't show up in your device manager?

#44
mattfili

    Member

  • Topic Starter

Both actually; also, in Device Manager under Other devices there is a PCI Device? I don't know, it seems weird.

#45
Buckeye_Sam

    Malware Expert

Chances are that it's in the hardware. It may not be connected properly.

Double check to make sure everything is connected the way it should be and then reboot. Windows should recognize automatically the new hardware and install the default driver for it.