trojanSPM/LX WinAntiVirus pop ups - PLEASE HELP! [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

trojanSPM/LX WinAntiVirus pop ups - PLEASE HELP! [RESOLVED]

Options

jeff46 View Member Profile	Sep 28 2006, 11:20 PM Post #1
New Member Posts: 5 OS: XP	I'm getting tons of annoying pop ups. I've done everything on your "You Must Read This Before Posting A Hijackthis Log". Thanks for your Help! Logfile of HijackThis v1.99.1 Scan saved at 9:50:39 PM, on 9/28/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE d:\Program Files\ewido anti-spyware 4.0\guard.exe D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\WINDOWS\System32\nvsvc32.exe d:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\program files\support.com\client\bin\tgcmd.exe D:\Program Files\Acronis\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Marketing Tips Messenger.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Acronis\TimounterMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Norton Save and Restore\Agent\NSRTray.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe D:\Program Files\Washer\wwDisp.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe D:\Program Files\DictionaryToGo\DictionaryToGo.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe D:\Program Files\Express ClickYes\ClickYes.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\Program Files\Sony\VAIO Action Setup\VAServ.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe d:\PROGRA~1\Webshots\Webshots.scr C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE D:\Program Files\ListPro\ListProAlarms.exe C:\Program Files\ATnotes\ATnotes.exe D:\Program Files\SpyCatcher 2006\Scheduler daemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Documents and Settings\Jeff\Desktop\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {088D73D2-B3EB-4D49-A6B8-434810C34EB1} - C:\WINDOWS\system32\wmadsch.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\SpyCatcher 2006\SCActiveBlock.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [TrueImageMonitor.exe] "D:\Program Files\Acronis\TrueImageMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [ReminderApp] "D:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" O4 - HKLM\..\Run: [MediaPilot] C:\Program Files\MediaPilot\MediaPilot.exe O4 - HKLM\..\Run: [Marketing Tips Messenger] C:\WINDOWS\Marketing Tips Messenger.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AcronisTimounterMonitor] "D:\Program Files\Acronis\TimounterMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Save and Restore] "D:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKLM\..\Run: [SpyCatcher Reminder] "D:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [Window Washer] "d:\Program Files\Washer\wwDisp.exe" O4 - HKCU\..\Run: [DictionaryToGo] "D:\PROGRA~1\DICTIO~1\Stub32.exe" -tugak:init O4 - HKCU\..\Run: [Matador] "D:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Express ClickYes] "D:\Program Files\Express ClickYes\ClickYes.exe" O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe O4 - Startup: ListProAlarms.lnk = D:\Program Files\ListPro\ListProAlarms.exe O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher 2006\Scheduler daemon.exe O4 - Global Startup: VAIO Action Setup (Server).lnk = ? O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add this link to WebWhacker... - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html O8 - Extra context menu item: Add this page to WebWhacker... - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - d:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219 O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220 O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - d:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://63.240.197.88/toolbar/webinstall.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/187342c31ccc90...ip/RdxIE601.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136002808859 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140227000687 O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB O20 - AppInit_DLLs: interceptor.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wmadsch - C:\WINDOWS\SYSTEM32\wmadsch.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - D:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Spy Sweeper\SpySweeper.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Crustyoldbloke View Member Profile	Sep 29 2006, 03:06 AM Post #2
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello Jeff and welcome to Geeks to Go As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible. Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC�s (family PC�s) present a different problem; please tell me if your PC has more than one individual�s setting, but continue with the fix. Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.) You have quite a mixture of malware and Trojans. Let�s see what we can do. I notice that you have three antimalware scanners running in real-time. This is not good practice. Having them running during the fixes may hinder our attempts to alter anything in your registry. Please Disable Spyware Doctor. From within Spyware Doctor, click the OnGuard button on the left side. Uncheck Activate OnGuard Please disable SpyCatcher 2006. I am unfamiliar with the programme, so I can�t offer a tutorial. Also please disable Ewido Guard from running. Right click on the orange icon in the taskbar (near the clock) and uncheck Resident Shield. The icon will change to a grey colour. When your PC has been declared clean, please only enable one of those three programmes to run in real-time. All others should be used as �on demand� scanners. Having more than one antispyware programme running in real-time will cause slowness and even conflicts. To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop: Killbox by Option^Explicit CCleaner combofix.exe Please open, and update Ewido anti-spyware Load Ewido and then click the Update tab at the top. Under Manual Update click Start update. After the update finishes (the status bar at the bottom will display "Update successful") Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Deselect "Only if threats were found" Close Ewido. Do not run it yet. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. For additional help in booting into Safe Mode, see the following site: Safe Mode In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient. Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop). Please ensure you post that log in your reply. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {088D73D2-B3EB-4D49-A6B8-434810C34EB1} - C:\WINDOWS\system32\wmadsch.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/187342c31ccc90...ip/RdxIE601.cab O20 - Winlogon Notify: wmadsch - C:\WINDOWS\SYSTEM32\wmadsch.dll Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode. Please install Killbox by Option^Explicit. Please double-click Killbox.exe to run it. Select Delete on Reboot then Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\wmadsch.dll Return to Killbox, go to the File menu, and choose Paste from Clipboard. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again. There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck Ewido Anti-malware log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues � fix selected issues Double click combofix.exe & follow the prompts. When it has finished, it will produce a log. Please post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).

jeff46 View Member Profile	Sep 30 2006, 05:57 AM Post #3
New Member Posts: 5 OS: XP	Hi Phil ! My PC is already running much, much better - It's much faster and No pop ups! I have settings for Administrator and Jeff. I don't know if this is considered one or two individual settings. When I power up the computer I always click on the Jeff icon. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 7:38:21 PM 9/29/2006 + Scan result: HKU\S-1-5-21-2247778763-1321446302-4065617495-1005\Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend... -> Adware.Alexa : Cleaned with backup (quarantined). C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP878\A0163535.dll -> Adware.AlexaBar : Cleaned with backup (quarantined). C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP878\A0163536.dll -> Adware.AlexaBar : Cleaned with backup (quarantined). C:\WINDOWS\system32\AlxRes.dll.bak -> Adware.AlexaBar : Cleaned with backup (quarantined). C:\Program Files\Microsoft Visual Studio\Common\Tools\BIND.EXE -> Trojan.Small : Cleaned with backup (quarantined). ::Report end Jeff - 06-09-30 4:20:13.57 Service Pack 2 ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Jeff\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 )))))))))))))))))))))))))))))))))) 2006-09-28 01:35 532,480 --a------ C:\cwshredder.exe 2006-09-25 23:38 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll 2006-09-24 16:43 1,152 --a------ C:\WINDOWS\system32\windrv.sys 2006-09-22 20:13 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2006-09-22 17:50 23,430 --a------ C:\WINDOWS\system32\vtstr.exe 2006-09-11 22:44 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-28 18:19 -------- d-------- C:\Documents and Settings\Jeff\Application Data\TrojanHunter 2006-09-25 23:53 -------- d-------- C:\Documents and Settings\Jeff\Application Data\Tenebril 2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2006-09-09 17:05 -------- d-------- C:\Documents and Settings\Jeff\Application Data\Alien Skin 2006-08-31 21:37 -------- d--h----- C:\Documents and Settings\Jeff\Application Data\yahoo! 2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll 2006-08-07 16:02 31936 --a------ C:\WINDOWS\system32\drivers\symids.sys 2006-08-07 16:02 28352 --a------ C:\WINDOWS\system32\drivers\symndis.sys 2006-08-07 16:02 24768 --a------ C:\WINDOWS\system32\drivers\symredrv.sys 2006-08-07 16:02 195776 --a------ C:\WINDOWS\system32\drivers\symtdi.sys 2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll 2006-08-07 16:02 110784 --a------ C:\WINDOWS\system32\drivers\symfw.sys 2006-08-07 16:01 12992 --a------ C:\WINDOWS\system32\drivers\symdns.sys 2006-08-07 01:05 200128 --a------ C:\Documents and Settings\Jeff\Application Data\GDIPFONTCACHEV1.DAT 2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2006-07-30 06:17 -------- d-------- C:\Program Files\Common Files\Sonic Shared 2006-07-30 04:51 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\"" "RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\"" "Window Washer"="\"d:\\Program Files\\Washer\\wwDisp.exe\"" "DictionaryToGo"="\"D:\\PROGRA~1\\DICTIO~1\\Stub32.exe\" -tugak:init" "Matador"="\"D:\\PROGRA~1\\MAILFR~1\\mantispm.exe\" -quiet" "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "Index Washer"="d:\\Program Files\\Washer\\WashIdx.exe \"Jeff\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server" "TrueImageMonitor.exe"="\"D:\\Program Files\\Acronis\\TrueImageMonitor.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\"" "ReminderApp"="\"D:\\Program Files\\Nova Development\\Greeting Card Factory Deluxe\\ReminderApp.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "nwiz"="\"nwiz.exe\" /install" "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\"" "MediaPilot"="C:\\Program Files\\MediaPilot\\MediaPilot.exe" "Marketing Tips Messenger"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,4d,61,72,6b,\ 65,74,69,6e,67,20,54,69,70,73,20,4d,65,73,73,65,6e,67,65,72,2e,65,78,65,00 "iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\"" "AcronisTimounterMonitor"="\"D:\\Program Files\\Acronis\\TimounterMonitor.exe\"" "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "Norton Save and Restore"="\"D:\\Program Files\\Norton Save and Restore\\Agent\\NSRTray.exe\"" "RoxioDragToDisc"="\"D:\\Program Files\\Roxio\\Easy Media Creator 8\\Drag to Disc\\DrgToDsc.exe\"" @="" "RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex] @="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmadsch HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jeff.job C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Jeff.job C:\WINDOWS\tasks\XoftSpy.job Completion time: Sat 09/30/2006 4:23:07.31 ComboFix.txt Logfile of HijackThis v1.99.1 Scan saved at 4:28:08 AM, on 9/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Acronis\TrueImageMonitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Marketing Tips Messenger.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe D:\Program Files\Acronis\TimounterMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Norton Save and Restore\Agent\NSRTray.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe d:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe D:\Program Files\Washer\wwDisp.exe D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe D:\PROGRA~1\MAILFR~1\mantispm.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Sony\VAIO Action Setup\VAServ.exe D:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe D:\Program Files\DictionaryToGo\DictionaryToGo.exe D:\Program Files\ListPro\ListProAlarms.exe d:\PROGRA~1\Webshots\Webshots.scr C:\Program Files\ATnotes\ATnotes.exe C:\WINDOWS\System32\nvsvc32.exe d:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe d:\Program Files\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Jeff\Desktop\jeff.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople O2 - BHO: (no name) - {088D73D2-B3EB-4D49-A6B8-434810C34EB1} - C:\WINDOWS\system32\wmadsch.dll (file missing) O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [TrueImageMonitor.exe] "D:\Program Files\Acronis\TrueImageMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [ReminderApp] "D:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" O4 - HKLM\..\Run: [MediaPilot] C:\Program Files\MediaPilot\MediaPilot.exe O4 - HKLM\..\Run: [Marketing Tips Messenger] C:\WINDOWS\Marketing Tips Messenger.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AcronisTimounterMonitor] "D:\Program Files\Acronis\TimounterMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Save and Restore] "D:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [Window Washer] "d:\Program Files\Washer\wwDisp.exe" O4 - HKCU\..\Run: [DictionaryToGo] "D:\PROGRA~1\DICTIO~1\Stub32.exe" -tugak:init O4 - HKCU\..\Run: [Matador] "D:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" O4 - HKCU\..\RunOnce: [Index Washer] d:\Program Files\Washer\WashIdx.exe "Jeff" O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe O4 - Startup: ListProAlarms.lnk = D:\Program Files\ListPro\ListProAlarms.exe O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe O4 - Global Startup: VAIO Action Setup (Server).lnk = ? O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add this link to WebWhacker... - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html O8 - Extra context menu item: Add this page to WebWhacker... - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - d:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219 O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220 O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - d:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://63.240.197.88/toolbar/webinstall.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136002808859 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140227000687 O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wmadsch - wmadsch.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - D:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Spy Sweeper\SpySweeper.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Crustyoldbloke View Member Profile	Sep 30 2006, 07:16 AM Post #4
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Jeff The logs look good, but there is just some tidying up to do. There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis. 1. Click HERE to get to Jotti's site. 2. At the top of the Jotti window, use the Browse button to locate the following file on your system: C:\WINDOWS\system32\vtstr.exe 3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed. 4. Please provide me with the results of the analysis. Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following: O2 - BHO: (no name) - {088D73D2-B3EB-4D49-A6B8-434810C34EB1} - C:\WINDOWS\system32\wmadsch.dll (file missing) O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab O20 - Winlogon Notify: wmadsch - wmadsch.dll (file missing) Click on Fix Checked when finished and exit HijackThis. Post back a fresh HijackThis log, from normal mode, and I will take another look.

jeff46 View Member Profile	Sep 30 2006, 10:55 PM Post #5
New Member Posts: 5 OS: XP	Hi Phil ! I really appreciate the help your providing and my PC is finally running like it's old self ! Since the vtstr.exe file looks like a threat, I moved it from the c:\windows\system32 folder to a quarentine folder I made on my 'd' drive. I moved the file before I ran HijackThis. Result of Jotti's analysis: File: vtstr.exe Status: INFECTED/MALWARE MD5 d2025a30154a06170caae023c2b975c2 Packers detected: PE_PATCH Scanner results AntiVir Found nothing ArcaVir Found Heur.Win32 Avast Found nothing AVG Antivirus Found nothing BitDefender Found Trojan.Agent.WT ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found W32/Suspicious_U.gen UNA Found nothing VirusBuster Found nothing VBA32 Found Trojan-Downloader.Win32.ConHook.ah Logfile of HijackThis v1.99.1 Scan saved at 9:39:50 PM, on 9/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Acronis\TrueImageMonitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Marketing Tips Messenger.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe D:\Program Files\Acronis\TimounterMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Norton Save and Restore\Agent\NSRTray.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe d:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe D:\Program Files\Washer\wwDisp.exe D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe D:\PROGRA~1\MAILFR~1\mantispm.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Program Files\Sony\VAIO Action Setup\VAServ.exe D:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe D:\Program Files\DictionaryToGo\DictionaryToGo.exe D:\Program Files\ListPro\ListProAlarms.exe d:\PROGRA~1\Webshots\Webshots.scr C:\Program Files\ATnotes\ATnotes.exe C:\WINDOWS\System32\nvsvc32.exe d:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe d:\Program Files\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE D:\Program Files\Norton Internet Security\comHost.exe D:\Program Files\Spyware Doctor\swdoctor.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Jeff\Desktop\jeff.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [TrueImageMonitor.exe] "D:\Program Files\Acronis\TrueImageMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [ReminderApp] "D:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" O4 - HKLM\..\Run: [MediaPilot] C:\Program Files\MediaPilot\MediaPilot.exe O4 - HKLM\..\Run: [Marketing Tips Messenger] C:\WINDOWS\Marketing Tips Messenger.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AcronisTimounterMonitor] "D:\Program Files\Acronis\TimounterMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Save and Restore] "D:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [Window Washer] "d:\Program Files\Washer\wwDisp.exe" O4 - HKCU\..\Run: [DictionaryToGo] "D:\PROGRA~1\DICTIO~1\Stub32.exe" -tugak:init O4 - HKCU\..\Run: [Matador] "D:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\RunOnce: [Index Washer] d:\Program Files\Washer\WashIdx.exe "Jeff" O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe O4 - Startup: ListProAlarms.lnk = D:\Program Files\ListPro\ListProAlarms.exe O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe O4 - Global Startup: VAIO Action Setup (Server).lnk = ? O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add this link to WebWhacker... - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html O8 - Extra context menu item: Add this page to WebWhacker... - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - d:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219 O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220 O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - d:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - d:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://63.240.197.88/toolbar/webinstall.cab O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136002808859 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140227000687 O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - D:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Spy Sweeper\SpySweeper.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Crustyoldbloke View Member Profile	Oct 1 2006, 02:33 AM Post #6
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Jeff That's a good idea to quarantine the file, but if you look at the results from Jotti, the fact that some scanners knew what it was indicates that either the file is in their database of malware or that heuristically, it displays the same properties as known malware. To me, it looked like ConHook, and still does. I reckon that if you repeated the exercise with Jotti in say a month, more scanners will identify it as malware. Anyway, the good news is.............. Congratulations! your new log is clean. Just a little bit more to do to prevent further infection. Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.) To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update MVPS Hosts file This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. SiteAdvisor download this plug-in for your browser and it will alert you of a known bad site for FREE. Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean: SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer. WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware. AD-AWARE PERSONAL � A fine free malware detector and removal programme SPYBOT S&D � Excellent free spyware detector and removal programme GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer. FIREFOX - Safer alternative to the Internet Explorer web browser. AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one. ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall). Remember to update these frequently. Please note that whilst there is nothing wrong in having more than one antispyware programme for �on demand� scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness. You may also want to read "How did I get infected in the first place" to learn how to better secure your computer. Be sure to keep your Windows, antispyware and antivirus updated. It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.

jeff46 View Member Profile	Oct 1 2006, 11:38 AM Post #7
New Member Posts: 5 OS: XP	Hi Phil ! There does seem to be ONE BIG NASTIE still left on my computer. I'm not seeing any symptoms from it like slowness or pop ups, but it doesn't leave me with a very good feeling either! When I run Spyware Doctor, it finds Trojan.Downloader.AEU in my windows registry. I tried removing the Trojan with Spyware Doctor in windows Safe Mode as well as Normal Mode, but it keeps coming back. Result of Spyware Doctor running in Safe Mode: Scans (basic information only): Scan Results: scan start: 10/1/2006 1:14:35 AM scan stop: 10/1/2006 2:34:24 AM scanned items: 462798 found items: 8 found and ignored: 0 tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner Infection Name Location Risk Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG## High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG##ConsoleTracingMask High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG##EnableConsoleTracing High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG##EnableFileTracing High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG##FileDirectory High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG##FileTracingMask High Trojan.Downloader.AEU HKLM\SOFTWARE\Microsoft\Tracing\FWCFG##MaxFileSize High Other Sections:

Crustyoldbloke View Member Profile	Oct 1 2006, 11:48 AM Post #8
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	I reckon they are false positives and have been reported on other forums too; see here: http://www.wilderssecurity.com/showthread.php?t=141453 To be sure and to put your mind at rest, let's do an online scan. Let's try ActiveScan: Please download: Panda ActiveScan to your desktop, using Internet Explorer. Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province where applicable Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on Local Disks to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Please post that log in your reply. This post has been edited by Crustyoldbloke: Oct 1 2006, 01:25 PM

jeff46 View Member Profile	Oct 4 2006, 04:06 AM Post #9
New Member Posts: 5 OS: XP	Hi Phil ! Sorry for the delay. Once my computer was working without pop ups and running fast again, I had to catch up on some things right away. I'm going to skip running Panda ActiveScan for now since it does look like a false positive. It was amazing how quicky you found and fixed the problems. I am so happy and Thank You so much for your help!!

Crustyoldbloke View Member Profile	Oct 4 2006, 04:17 AM Post #10
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	You are welcome Jeff. I will leave this thread open for a few days in case of misfortune.

Crustyoldbloke View Member Profile	Oct 14 2006, 02:30 AM Post #11
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Pop-ups/Possible Smitfraud-c - Please Help! [RESOLVED]	10 / 527	3rd June 2006 - 05:52 AM Alexs2020 started - last by Crustyoldbloke
Virus, Spyware and Trojan Removal TrojanSPM/LX WinAntiVirus Pro 2006 PLEASE HELP [RESOLVED]	10 / 726	18th October 2006 - 09:06 AM balaskonis started - last by sari
Virus, Spyware and Trojan Removal I got something. Please Help! [RESOLVED]	11 / 500	8th October 2006 - 06:09 PM frantinadule started - last by cfa-ddg2
Virus, Spyware and Trojan Removal Internet Speed Monitor Pop ups please help!	1 / 890	24th November 2007 - 08:52 AM charbeary4 started - last by charbeary4