lofreequency

Thematrishasyou.exe 12-8-06


Hi, hope someone can help. I've followed the instructions on the "Utzimmerman 'matrisahasyou'" post. I've run Dr.Web and Ad-Aware in safe mode and then rebooted and ran the HijackThis scan. Attached is my Dr.Web log report and here's my HijackThis log, please advise. Thanks in advance!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 9:30:39 PM, on 12/8/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINNT\system32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\system32\gearsec.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\SERVICES.EXE

C:\WINNT\system32\S3apphk.exe

C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\Common Files\AOL\1137373316\ee\SSCEvtHdlr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Common Files\AOL\1137373316\ee\aolsoftware.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\HIJack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [s3apphk] S3apphk.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137373316\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\winupdtm.dll,wupdate

O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - HKCU\..\Run: [WinMedia] "C:\update8205282820109545.exe "

O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe "

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

DrWeb12_8_06.txt
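As an added example (not part of the original thread, and not HijackThis's own logic), here is a small Python triage script for HijackThis O4, F3 and O20 lines, run over a constructed sample modelled on entries in the log above. The flags it raises (a file dropped directly in the drive root, a system-process name outside System32, the legacy win.ini run= loader, long digit runs in a file name, a missing file) are heuristics assumed for illustration; they single out the entries a helper would want to look at first, nothing more.

```python
import re
from dataclasses import dataclass, field

# Process names that belong in the system directory; a copy anywhere else is worth a look.
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "svchost.exe", "lsass.exe", "smss.exe"}
SYSTEM_DIRS = ("\\winnt\\system32\\", "\\windows\\system32\\")

# Constructed sample in HijackThis v1.99.1 format, modelled on entries in the log above.
SAMPLE_LOG = r"""F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\winupdtm.dll,wupdate
O4 - HKCU\..\Run: [WinMedia] "C:\update8205282820109545.exe "
O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe "
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: run=(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.*)$")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    flags: list = field(default_factory=list)


def target_path(command: str) -> str:
    """Pull the file a Run-style command actually loads out of its command line."""
    cmd = command.strip()
    if cmd.startswith('"'):                      # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    if cmd.lower().startswith("rundll32.exe"):   # rundll32 <dll>,<export>: the DLL is the payload
        rest = cmd[len("rundll32.exe"):].strip()
        return rest.split(",", 1)[0].strip()
    return cmd.split(" ", 1)[0]


def parse_line(line: str):
    """Return (section, name, path) for the entry types this example understands, else None."""
    m = O4_RE.match(line)
    if m:
        return "O4", m.group("name"), target_path(m.group("cmd"))
    m = F3_RE.match(line)
    if m:
        return "F3", "win.ini:run", target_path(m.group("cmd"))
    m = O20_RE.match(line)
    if m:
        return "O20", m.group("name"), m.group("rest").strip()
    return None


def flags_for(section: str, path: str) -> list:
    """Heuristic flags (assumptions for illustration, not HijackThis's own verdicts)."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    flags = []
    if section == "F3":
        flags.append("win_ini_run")            # legacy loader; rarely used by legitimate software
    if re.fullmatch(r"[a-z]:\\[^\\]+", low):
        flags.append("root_drop")              # executable or DLL sitting directly in the drive root
    if base in SYSTEM_NAMES and not any(d in low for d in SYSTEM_DIRS):
        flags.append("system_name_outside_system32")
    if re.search(r"\d{8,}", base):
        flags.append("random_digits_name")     # long digit runs are typical of generated dropper names
    if "(file missing)" in low:
        flags.append("file_missing")           # orphaned entry; harmless but should be cleaned up
    return flags


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return only the entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line.rstrip())
        if parsed is None:
            continue
        section, name, path = parsed
        flags = flags_for(section, path)
        if flags:
            findings.append(Finding(section, name, path, flags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.name:12} {f.path}  ->  {', '.join(f.flags)}")
```

Entries such as the QuickTime and Window Washer lines pass through silently; a flagged entry is a prompt to verify the file, not a verdict.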


Hello, lofreequency & Welcome

 

Do this for me Please

 

 

Please download SUPERAntiSpyware Home Edition (free version)

Install it and double-click the icon on your desktop to run it.

It will ask if you want to update the program definitions, click Yes.

Under Configuration and Preferences, click the Preferences button.

Click the Scanning Control tab.

Under Scanner Options make sure the following are checked:

Close browsers before scanning

Scan for tracking cookies

Terminate memory threats before quarantining.

Please leave the others unchecked.

Click the Close button to leave the control center screen.

On the main screen, under Scan for Harmful Software click Scan your computer.

On the left check C:\Fixed Drive.

On the right, under Complete Scan, choose Perform Complete Scan.

Click Next to start the scan. Please be patient while it scans your computer.

After the scan is complete a summary box will appear. Click OK.

Make sure everything in the white box has a check next to it, then click Next.

It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information for me please do the following:

After reboot, double-click the SUPERAntispyware icon on your desktop.

Click Preferences. Click the Statistics/Logs tab.

Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

It will open in your default text editor (such as Notepad/Wordpad).

Please highlight everything in the notepad, then right-click and choose copy.

Click close and close again to exit the program.

Please paste that information here for me with a new HijackThis log.

 

 

and this here

 

 

1. Download this file - combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply with a new HijackThis log.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

 

Gogo


Hi, as requested, the SUPERAntiSpyware log, then the other logs:

SUPERAntiSpyware Scan Log

Generated 12/09/2006 at 11:31 AM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3144

Trace Rules Database Version: 1160

 

Scan type : Complete Scan

Total Scan Time : 02:33:11

 

Memory items scanned : 510

Memory threats detected : 0

Registry items scanned : 5115

Registry threats detected : 2

File items scanned : 88446

File threats detected : 5

 

Adware.Tracking Cookie

C:\Documents and Settings\hart-navarre1\Cookies\[email protected][2].txt

C:\Documents and Settings\hart-navarre1\Cookies\[email protected][2].txt

C:\Documents and Settings\hart-navarre1\Cookies\[email protected][2].txt

C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

 

Adware.MyWebSearch

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable

 

 

 

And a new HijackThis log after running SUPERAntiSpyware:

Logfile of HijackThis v1.99.1

Scan saved at 12:01:37 PM, on 12/9/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINNT\system32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\system32\gearsec.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\SERVICES.EXE

C:\WINNT\system32\S3apphk.exe

C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Common Files\AOL\1137373316\ee\SSCEvtHdlr.exe

C:\Program Files\Common Files\AOL\1137373316\ee\aolsoftware.exe

C:\DOCUME~1\HART-N~1\LOCALS~1\Temp\SSUPDATE.EXE

c:\program files\common files\aol\1137373316\ee\anotify.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\HIJack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [s3apphk] S3apphk.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137373316\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\winupdtm.dll,wupdate

O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - HKCU\..\Run: [WinMedia] "C:\update8205282820109545.exe "

O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe "

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 

 

And my ComboFix log:

 

hart-navarre1 - Sat 12/09/2006 12:10:08.04 Service Pack 4

ComboFix 06.11.27W - Running from: "C:\Program Files\America Online 9.0\download"

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))

 

 

2006-12-09 00:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2006-12-09 00:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2006-12-09 00:11 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\SUPERAntiSpyware.com

2006-12-08 17:32 <DIR> d-------- C:\Documents and Settings\hart-navarre1\DoctorWeb

2006-12-07 18:17 <DIR> d-------- C:\WINNT\SoftwareDistribution

2006-12-07 18:16 465,176 --a------ C:\WINNT\system32\wuapi.dll

2006-12-07 18:16 41,240 --a------ C:\WINNT\system32\wups.dll

2006-12-07 18:16 194,328 --a------ C:\WINNT\system32\wuaueng1.dll

2006-12-07 18:16 18,200 --a------ C:\WINNT\system32\wups2.dll

2006-12-07 18:16 173,536 --a------ C:\WINNT\system32\wuweb.dll

2006-12-07 18:16 172,312 --a------ C:\WINNT\system32\wuauclt1.exe

2006-12-07 18:16 127,256 --a------ C:\WINNT\system32\wucltui.dll

2006-12-06 22:45 <DIR> d-------- C:\HIJack This

2006-12-05 22:08 80,640 --a------ C:\WINNT\system32\drivers\MpFirewall.sys

2006-12-05 22:08 8,704 --a------ C:\WINNT\system32\MPFApi.dll

2006-12-05 22:06 <DIR> d-------- C:\Program Files\CA

2006-12-05 22:05 41,018 --a------ C:\WINNT\system32\EntAPI.dll

2006-12-05 22:05 401,462 --a------ C:\WINNT\system32\msvcp60.dll

2006-12-05 22:04 82,432 --a------ C:\WINNT\system32\msxml4r.dll

2006-12-05 22:04 44,544 --a------ C:\WINNT\system32\msxml4a.dll

2006-12-05 22:04 1,233,920 --a------ C:\WINNT\system32\msxml4.dll

2006-12-05 08:47 <DIR> d-------- C:\WINNT\inet20126

2006-12-05 08:36 45,568 --a------ C:\winupdtm.dll

2006-12-02 11:02 3,867,659 --a------ C:\Program Files\PCRescueSetup4.exe

2006-12-02 10:39 86,016 --a------ C:\WINNT\unvise32.exe

2006-12-02 10:39 <DIR> d-------- C:\Program Files\PCRescue4.0

2006-12-02 10:38 3,867,659 --a------ C:\Program Files\PCRescueSetup.exe

2006-12-01 17:12 684,032 --a------ C:\WINNT\system32\libeay32.dll

2006-12-01 17:12 155,648 --a------ C:\WINNT\system32\ssleay32.dll

2006-12-01 17:10 13,111,432 --a------ C:\Program Files\ssftrialsnrsetup5239_1898980556.exe

2006-11-30 22:13 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\Uniblue

2006-11-30 22:12 3,027,458 --a------ C:\Program Files\registryboosterplib.exe

2006-11-30 19:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2006-11-30 19:43 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy

2006-11-30 19:42 5,037,072 --a------ C:\Program Files\spybotsd14.exe

2006-11-29 20:15 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\PC Tools

2006-11-29 20:14 8,604,464 --a------ C:\Program Files\sdsetup.exe

2006-11-25 12:03 <DIR> d-------- C:\Documents and Settings\hart-navarre1\G-Force

2006-11-25 12:03 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\G-Force

2006-11-23 00:28 8,509 --a------ C:\WINNT\system32\94659.exe

2006-11-22 07:46 44,032 --a------ C:\WINNT\system32\winupdate.dll

2006-11-22 07:45 94,208 --a------ C:\wupdmnt.dll

2006-11-21 08:19 94,208 ---h----- C:\WINNT\system32\w_update.dll

2006-11-15 08:50 44,544 ---h----- C:\w_update.dll

2006-11-14 17:20 8,976 --a------ C:\WINNT\system32\kbdjpn.dll

2006-11-14 17:20 7,440 --a------ C:\WINNT\system32\kbd106.dll

2006-11-11 18:27 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\.ABC

2006-11-11 18:25 4,222,516 --a------ C:\Program Files\ABC-win32-v3.1.exe

2006-11-11 18:17 <DIR> d-------- C:\Program Files\3.1.0

2006-11-11 14:08 402,897 --a------ C:\Program Files\maketorrent-2.1.exe

2006-11-11 14:08 <DIR> d-------- C:\Program Files\Maketorrent 2

2006-11-11 13:29 524,709 --a------ C:\Program Files\flac112a.exe

2006-11-11 13:29 <DIR> d-------- C:\Program Files\FLAC

2006-11-11 13:27 204,445 --a------ C:\Program Files\FLAC_plugin_with_library_support.exe

2006-11-11 12:35 1,044,168 --a------ C:\Program Files\vbrun60sp5.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-09 00:11 -------- d-a------ C:\Program Files\Common Files

2006-12-07 18:24 -------- d-------- C:\Program Files\LimeWire

2006-12-07 18:17 -------- d-ah----- C:\Program Files\WindowsUpdate

2006-12-06 10:19 -------- d-------- C:\Program Files\AOL

2006-12-05 22:09 -------- d-a------ C:\Program Files\Common Files\AOL

2006-12-05 22:02 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\AOL

2006-12-04 20:06 -------- d-------- C:\Program Files\Incomplete

2006-12-03 11:36 -------- d-------- C:\Program Files\Winamp

2006-12-03 09:31 -------- d-------- C:\Program Files\Webroot

2006-12-02 12:06 58671 --a------ C:\Program Files\StartupCPL.zip

2006-11-23 00:20 -------- d-------- C:\Program Files\Apple Software Update

2006-11-20 22:55 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\SoundSpectrum

2006-11-20 07:09 -------- d-a------ C:\Program Files\America Online 9.0

2006-11-16 20:42 753 --a------ C:\Documents and Settings\hart-navarre1\Application Data\com.kennettnet.PodUtil.plist

2006-11-11 18:28 -------- d-------- C:\Program Files\ABC

2006-11-11 18:27 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\.ABC

2006-11-11 18:17 320910 --a------ C:\Program Files\ABC-win32-v3.1.zip

2006-11-11 14:07 12150 --a------ C:\Program Files\maketorrent-2.1[1]

2006-11-06 20:01 1121693 --a------ C:\Program Files\mirc62.exe

2006-11-04 09:37 -------- d-------- C:\Program Files\Exact Audio Copy

2006-11-04 09:36 1208101 --a------ C:\Program Files\eac-0.95b4.exe

2006-11-01 21:15 192371 --a------ C:\Program Files\G-Force_Screen_Saver_114.exe

2006-11-01 21:14 3716155 --a------ C:\Program Files\G-Force_357_Platinum.exe

2006-10-22 10:58 -------- d-------- C:\Program Files\MediaFACE II

2006-10-16 20:47 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\U3

2006-10-07 13:06 36656704 --a------ C:\Program Files\iTunesSetup.exe

2006-10-04 17:05 3186040 --a------ C:\Program Files\SFTPMSI.exe

2006-10-04 16:42 3742383 --a------ C:\Program Files\CoffeeFreeFTPInstaller.exe

2006-09-30 12:40 45166458 --a------ C:\Program Files\soundforge80d.exe

2006-09-30 10:01 728328 --a------ C:\Program Files\SonicStageInstaller.exe

2006-09-08 22:19 442408 --a------ C:\Program Files\msgr8us.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\""

"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"

"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0\\AOL.EXE\" -b"

"WinUpgrade"="\"C:\\update8205282820115244.exe \" "

"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Synchronization Manager"="mobsync.exe /logon"

"S3apphk"="S3apphk.exe"

"HostManager"="C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\AOLSoftware.exe"

"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\""

"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"

"sscRun"="C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\SSCRun.exe"

"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"

"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"

"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""

"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"wupdate"="rundll32.exe c:\\winupdtm.dll,wupdate"

"PPRT"="C:\\Program Files\\CA\\PPRT\\bin\\ITMRTSVC_Logon.exe"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000003

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000095

"NoSaveSettings"=dword:00000000

"NoThemesTab"=dword:00000000

"ForceActiveDesktopOn"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"DisableTaskMgr"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktopChanges"=dword:00000000

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=hex:95,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINNT\tasks\AppleSoftwareUpdate.job

 

Completion time: Sat 2006-12-09 12:11:17.99

C:\ComboFix.txt ... 06-12-09 12:11

 

 

Hope I'm understanding your instructions... looks like a new HiJack This scan log after running Combofix is required... which is this:

Logfile of HijackThis v1.99.1

Scan saved at 12:13:34 PM, on 12/9/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINNT\system32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\system32\gearsec.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\SERVICES.EXE

C:\WINNT\system32\S3apphk.exe

C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Common Files\AOL\1137373316\ee\SSCEvtHdlr.exe

C:\Program Files\Common Files\AOL\1137373316\ee\aolsoftware.exe

C:\DOCUME~1\HART-N~1\LOCALS~1\Temp\SSUPDATE.EXE

c:\program files\common files\aol\1137373316\ee\anotify.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\HIJack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: @msdxmLC.dll,-1@msdxmLC.dll,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [s3apphk] S3apphk.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137373316\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\winupdtm.dll,wupdate

O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe "

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 

 

Thank you very much. :)

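A log like the one above can be triaged mechanically before anyone reads it line by line. The Python script below is an added example for this thread, not code from the poster, the helper or HijackThis itself. It applies a handful of generic red-flag rules to HJT lines: a dead reference ("(no file)" / "(file missing)"), the legacy win.ini run= autostart vector, a binary sitting directly in the drive root or in a Temp folder, a random-looking folder under %windir%, a system process name such as services.exe outside System32, and rundll32 used to load a DLL as an autostart. The sample input is a constructed subset of the log above; the rule names, thresholds (eight or more digits, three or more digits in a folder name) and the list of system process names are assumptions of this example, and a hit is a prompt to look closer, not a verdict.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not code from the original posts and not
HijackThis' own logic. Every rule below is a red flag that needs a human
to confirm, not a verdict; the sample lines are a constructed subset of
the log posted above.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample input: a handful of lines copied from the log above.
SAMPLE_LOG = """\
C:\\DOCUME~1\\HART-N~1\\LOCALS~1\\Temp\\SSUPDATE.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: run=C:\\WINNT\\inet20126\\services.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [HostManager] C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\AOLSoftware.exe
O4 - HKLM\\..\\Run: [wupdate] rundll32.exe c:\\winupdtm.dll,wupdate
O4 - HKCU\\..\\Run: [WinUpgrade] "C:\\update8205282820115244.exe "
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\\PROGRA~1\\mcafee.com\\ANTIVI~1\\mcshield.exe
"""

# First absolute Windows path on a line (drive letter up to a binary extension).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|cab|scr)\b", re.I)

# Assumed list: process names that legitimately live only in %windir%\System32.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

DEAD_REF = "target file missing (orphaned entry)"
WININI = "legacy win.ini run= autostart"
ROOT = "binary directly in drive root"
TEMP = "binary running or loaded from a Temp folder"
NUMERIC = "file name that is all digits or contains a long digit string"
RANDOM_DIR = "random-looking folder under %windir%"
SYSNAME = "system process name outside System32"
RUNDLL = "rundll32 used to load a DLL as an autostart"


def first_path(line: str):
    """Return the first absolute path on the line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def path_reasons(path: str) -> list[str]:
    """Location-based red flags for one path (case-insensitive, as on Windows)."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    reasons = []
    if len(parts) == 2:  # ('C:\\', 'file.exe'): nothing legitimate installs there
        reasons.append(ROOT)
    if "temp" in parts:
        reasons.append(TEMP)
    if p.stem.isdigit() or re.search(r"\d{8,}", p.stem):
        reasons.append(NUMERIC)
    # e.g. C:\WINNT\inet20126\...: letters followed by 3+ digits directly under %windir%
    if len(parts) >= 4 and parts[1] in ("winnt", "windows") and re.fullmatch(r"[a-z]*\d{3,}", parts[2]):
        reasons.append(RANDOM_DIR)
    if p.name.lower() in SYSTEM_NAMES and parts[-2] != "system32":
        reasons.append(SYSNAME)
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious log line to the list of rules it tripped."""
    findings: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        reasons = []
        if re.search(r"\((?:no file|file missing)\)", line, re.I):
            reasons.append(DEAD_REF)
        if line.startswith("F3 - REG:win.ini: run="):
            reasons.append(WININI)
        path = first_path(line)
        if path:
            reasons.extend(path_reasons(path))
            if "rundll32" in line.lower() and path.lower().endswith(".dll"):
                reasons.append(RUNDLL)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the sample it flags six lines and leaves the AOL, Java and McAfee entries alone. Three of the hits (the inet20126 win.ini entry, the rundll32 loader for C:\winupdtm.dll and the WinUpgrade item) are the ones dealt with later in this thread, and the Yahoo! hook is ticked in HijackThis as well; the two remaining hits, the WRNotifier dead reference and the executable in the Temp folder, are flagged on location alone and are left for a human to verify.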

Hi, lofreequency

 

First go to Control Panel > Add/Remove Programs and see if these items are there; if so, uninstall/remove them.

inet20126

PCRescue4.0

 

 

Download The Avenger Copyright © Swandog46

You must extract avenger.exe to your desktop, before you run it.

 

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

 

 

Copy all the text contained in the code box below to your Clipboard.

NOTE: copy all text but not the word quote

 

Files to delete:

C:\Program Files\PCRescueSetup.exe

C:\Program Files\ssftrialsnrsetup5239_1898980556.exe

C:\WINNT\system32\94659.exe

C:\WINNT\system32\winupdate.dll

C:\wupdmnt.dll

C:\WINNT\system32\w_update.dll

C:\w_update.dll

C:\winupdtm.dll

C:\Program Files\PCRescueSetup4.exe

C:\WINNT\unvise32.exe

 

Folders to delete:

C:\Program Files\PCRescue4.0

C:\WINNT\inet20126

 

The above script is for this user only; if you need help, please start your own thread.

 

Start the Avenger.

Under "Script file to execute" choose "Input Script Manually".

Click on the Magnifying Glass icon which will open a new window titled "View/edit script".

Paste the entire text in into this window.

Click done, now click on the Green Light

Answer "Yes" twice when prompted.

Your computer should reboot and briefly open a black command window on your desktop; this is normal.

 

After the restart, it will create a log file that should open.

This log file will be located at C:\avenger.txt

 

Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.

 

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

 

 

Gogo :)


Hi, The PC Rescue was in the Add/Remove Programs so I removed it (is that a scam, PC Rescue? Because I paid for it and downloaded it but they would never send me the registration code to activate the program). The other one you mentioned was not there. Here's the Avenger log as requested. The Avenger log:

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\uiklpcpy

 

*******************

 

Script file located at: \??\C:\WINNT\xljnqduv.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\Program Files\PCRescueSetup.exe deleted successfully.

File C:\Program Files\ssftrialsnrsetup5239_1898980556.exe deleted successfully.

File C:\WINNT\system32\94659.exe deleted successfully.

File C:\WINNT\system32\winupdate.dll deleted successfully.

File C:\wupdmnt.dll deleted successfully.

File C:\WINNT\system32\w_update.dll deleted successfully.

File C:\w_update.dll deleted successfully.

File C:\winupdtm.dll deleted successfully.

File C:\Program Files\PCRescueSetup4.exe deleted successfully.

File C:\WINNT\unvise32.exe deleted successfully.

Folder C:\Program Files\PCRescue4.0 deleted successfully.

Folder C:\WINNT\inet20126 deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

And a new HiJack This log:

 

Logfile of HijackThis v1.99.1

Scan saved at 2:51:57 PM, on 12/9/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINNT\system32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\system32\gearsec.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\SERVICES.EXE

C:\WINNT\system32\S3apphk.exe

C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Common Files\AOL\1137373316\ee\SSCEvtHdlr.exe

C:\Program Files\Common Files\AOL\1137373316\ee\aolsoftware.exe

C:\WINNT\system32\notepad.exe

C:\DOCUME~1\HART-N~1\LOCALS~1\Temp\SSUPDATE.EXE

c:\program files\common files\aol\1137373316\ee\anotify.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\HIJack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: @msdxmLC.dll,-1@msdxmLC.dll,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [s3apphk] S3apphk.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137373316\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe "

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 

 

 

Much Thanks! :)

Edited by lofreequency

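Once a removal tool has reported its deletions, the check a practitioner wants is whether any autostart entry still points into what was deleted: such an entry fails at boot but remains registered, and it is the kind of thing the next HijackThis run has to clean up. The script below is an added example for this thread, not the poster's, the helper's, The Avenger's or HijackThis' code. It parses the "deleted successfully" lines of an Avenger log, then scans HJT lines for a target that equals a deleted file or lies under a deleted folder. Both inputs are constructed subsets of the two logs above. On them it reports the win.ini run= entry, whose target lives in the deleted C:\WINNT\inet20126 folder, and stays silent on the WinUpgrade item because C:\update8205282820115244.exe was never in the deletion script; the silence is the caveat: this check only finds what the removal script already knew about.

```python
"""Reconcile a removal log against the autostart entries that survive it.

Added example for this thread; not code from the original posts and not
part of The Avenger or HijackThis. It reads the "deleted successfully"
lines from an Avenger log and reports every HJT line whose target now
lies inside a deleted file or folder, i.e. an autostart that will fail
at boot but is still registered. Sample inputs are constructed subsets
of the two logs posted above.
"""
import re

# Constructed subset of the Avenger log above.
AVENGER_LOG = """\
File C:\\WINNT\\system32\\94659.exe deleted successfully.
File C:\\winupdtm.dll deleted successfully.
File C:\\WINNT\\unvise32.exe deleted successfully.
Folder C:\\Program Files\\PCRescue4.0 deleted successfully.
Folder C:\\WINNT\\inet20126 deleted successfully.
"""

# Constructed subset of the HijackThis log taken after the Avenger run.
HJT_AFTER = """\
F3 - REG:win.ini: run=C:\\WINNT\\inet20126\\services.exe
O4 - HKLM\\..\\Run: [HostManager] C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\AOLSoftware.exe
O4 - HKCU\\..\\Run: [WinUpgrade] "C:\\update8205282820115244.exe "
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
"""

DELETED_RE = re.compile(r"^(File|Folder) (.+?) deleted successfully\.$")
# First absolute Windows path on an HJT line (drive letter up to a binary extension).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|cab|scr)\b", re.I)


def parse_avenger_log(text: str) -> tuple[set[str], set[str]]:
    """Return (deleted files, deleted folders), lower-cased because Windows paths are case-insensitive."""
    files, folders = set(), set()
    for line in text.splitlines():
        m = DELETED_RE.match(line.strip())
        if not m:
            continue
        (files if m.group(1) == "File" else folders).add(m.group(2).lower().rstrip("\\"))
    return files, folders


def dangling_entries(avenger_text: str, hjt_text: str) -> list[tuple[str, str]]:
    """List (HJT line, deleted path it points into) for every surviving entry whose target was removed."""
    files, folders = parse_avenger_log(avenger_text)
    out = []
    for line in hjt_text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        target = m.group(0).lower()
        if target in files:
            out.append((line, target))
            continue
        for folder in folders:
            if target.startswith(folder + "\\"):
                out.append((line, folder))
                break
    return out


if __name__ == "__main__":
    for line, cause in dangling_entries(AVENGER_LOG, HJT_AFTER):
        print(f"still registered but points into deleted {cause}:\n    {line}")
```

Feed it the full Avenger log and full post-run HJT log instead of the constructed subsets and it will list every entry that needs the Fix Checked treatment; anything it does not list still has to be judged on its own merits.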

Hi, lofreequency

 

Nice work

 

 

View hidden files and folders:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

 

Run HijackThis

Scan and, when it finishes, put a check mark only next to the following items (if present):

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe

 

O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe "

 

Close all browsers and any open Windows, making sure that only HijackThis is open

Click Fix Checked

Close HijackThis

 

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

 

 

Once in Safe Mode, do a file and folder search for these items; if found, delete them.

C:\WINNT\inet20126\<---This folder

C:\update8205282820115244.exe<---This file

 

 

Clean out your Temporary Internet files.

Internet Explorer

Close Internet Explorer and close any instances of Windows Explorer.

Click Start -> Control Panel and then double-click Internet Options.

On the General tab, click Delete Files under Temporary Internet Files.

In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.

On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.

Click OK.

 

Firefox (In case you also have Firefox installed)

Open Firefox and go to Tools -> Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

 

Then reboot, come back here with a new HijackThis logfile, and let us know how the PC is doing.

 

 

Gogo :)


Hi.

 

First, I'd like to thank you for the concise and detailed instructions you relayed. Wow, very impressive. In addition, I'd like to say the kind and courteous manner in which your advice was delivered was greatly appreciated. Thank you very much!

 

 

Here's my update. I could not find the "inet20125" or the "update8205282820115244.exe" on the C:drive.

Everything else went as advised/expected.

 

The computer seems to be running great from what I can tell at this point. One thing I've been monitoring throughout this whole ordeal is the CPU performance via the Task Manager. Prior to executing these last steps the CPU had been maxed out at 100% all the time. Before this infection the CPU would normally run in the 1%-3% range. I'm extremely happy to report the CPU Usage rating is back to "normal". Plus, one thing that has been messed up throughout this ordeal has been the desktop settings. I have not been able to place a custom photo as my wallpaper. Well, it works again. Very cool!

 

Here's my HiJack This! log:

Logfile of HijackThis v1.99.1

Scan saved at 10:36:46 PM, on 12/9/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINNT\system32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINNT\system32\gearsec.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\S3apphk.exe

C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\Common Files\AOL\1137373316\ee\SSCEvtHdlr.exe

C:\Program Files\Common Files\AOL\1137373316\ee\aolsoftware.exe

C:\DOCUME~1\HART-N~1\LOCALS~1\Temp\SSUPDATE.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

c:\program files\common files\aol\1137373316\ee\anotify.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\HIJack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: @msdxmLC.dll,-1@msdxmLC.dll,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [s3apphk] S3apphk.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137373316\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe

O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 

 

 

Much Thanks! :)

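A few of the checks a helper does by eye on a HijackThis log, written out as an added example (not part of the thread, and not HijackThis code); the sample lines are copied from the log posted above, and the check names and the "private address" heuristic are this example's own.

```python
"""Review checks over HijackThis O-entries.

Added example, not part of the thread or of HijackThis. The sample lines are
copied from the log posted above; the checks mirror what a helper looks for:
Winlogon Notify DLLs flagged "(file missing)", O17 name servers outside private
address space, O8 context-menu items that point at a remote URL, and the
service -> binary mapping from O23 lines.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# Sample entries taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS
O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""


@dataclass
class Entry:
    code: str  # section code such as "O23"
    body: str  # the rest of the line after "O23 - "


def parse_hjt(text: str) -> list[Entry]:
    """Pull every 'Oxx - ...' line out of a log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def missing_winlogon_notify(entries: list[Entry]) -> list[str]:
    """O20 Winlogon Notify packages whose DLL HijackThis could not find on disk."""
    return [e.body for e in entries
            if e.code == "O20" and "Winlogon Notify" in e.body and "(file missing)" in e.body]


def public_nameservers(entries: list[Entry]) -> list[str]:
    """Name servers from O17 entries that are not private (RFC 1918) addresses."""
    found = []
    for e in entries:
        if e.code != "O17":
            continue
        m = re.search(r"NameServer = ([\d.,\s]+)", e.body)
        if not m:
            continue
        for raw in m.group(1).split(","):
            try:
                addr = ipaddress.ip_address(raw.strip())
            except ValueError:
                continue
            if not addr.is_private:
                found.append(str(addr))
    return found


def remote_context_menu_items(entries: list[Entry]) -> list[str]:
    """O8 context-menu items whose target is an http(s) URL rather than a local res:// file."""
    return [e.body for e in entries if e.code == "O8" and re.search(r" - https?://", e.body)]


def service_binaries(entries: list[Entry]) -> dict[str, str]:
    """Map 'Display Name (ShortName)' -> binary path for every O23 service line."""
    result = {}
    for e in entries:
        if e.code != "O23" or not e.body.startswith("Service: "):
            continue
        name, _, tail = e.body[len("Service: "):].partition(" - ")
        result[name] = tail.rsplit(" - ", 1)[-1]  # last " - " separates vendor from path
    return result


if __name__ == "__main__":
    items = parse_hjt(SAMPLE_LOG)
    print("missing Winlogon Notify DLLs:", missing_winlogon_notify(items))
    print("non-private name servers:", public_nameservers(items))
    print("remote context-menu targets:", remote_context_menu_items(items))
    for name, path in service_binaries(items).items():
        print(f"service {name!r} -> {path}")
```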

Hey, lofreequency

 

Glad I was able to help in some small way, you did all the work.

Now two items I want you to take care of for me.

 

 

1) Download and Install AVG Anti-Spyware© by Grisoft

 

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.

The program will now go to the main screen

You will need to update AVG Anti-Spyware to the latest definition files.

On the main screen select the icon Update then select the Update now link

Next select the Start Update button, the update will start and a progress bar will show the updates being installed.

Close AVG Anti-Spyware

 

NOTE: Uninstall Ewido only after downloading AVG anti-spyware

 

 

Once it is installed and updated have a look here.

 

Reboot to Safe mode

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load

If done right a Windows Advanced Options menu will appear.

Select the Safe Mode option and press Enter

 

 

Run AVG Anti-Spyware

Click on Scanner at top

Click on Settings

Once in the Settings screen click on Recommended actions and then select Quarantine

Under Reports, Select Automatically generate report after every scan

Un-Select Only if threats were found

Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan

AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time

Once the scan is complete do the following :

If you have any infections you will be prompted, then select Apply all actions

Next select the Reports icon at the top.

Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Now close AVG Anti-Spyware

 

Reboot into Normal Mode

 

 

2) Update your Java.

 

You have version 1.5.0_06. The current version is 1.5.0.09

 

Older versions have vulnerabilities that malware can use to infect your system.

 

Please follow these steps to remove older version Java components.

 

Close any programmes you may have running, ESPECIALLY your web browser

 

Click Start > Control Panel.

 

Click Add/Remove Programs.

 

Check any item with Java Runtime Environment (JRE or J2SE) in the name.

 

Click the Remove or Change/Remove button.

 

Repeat as many times as necessary to remove all versions of Java.

 

Reboot your computer once all Java components are removed.

 

Then download the latest version of Java Runtime Environment and install it to your computer.

 

 

Gogo :)


Hi, things didn't go as smoothly as I hoped. See what you think. I downloaded AVG, installed. I could not get updates to work. Kept getting a message that their server wasn't ready to serve. After several attempts I decided to go into Safe Mode and scan. After three hours AVG scanned and found three items. One "Zbot" program that was a high threat and two other medium threats. After the scan I tried the "Apply all Actions". Upon doing so AVG froze up and said it couldn't quarantine Zbot, etc. I had to tell it to "say Yes to all". After quite a while, the program was saying it was working on it and nothing happened. I opened the Task Manager to find AVG was not responding. So, I tried shutting down the program and restarting. It took the computer a long time to finally restart. Next, I tried updating AVG again. This time the update task bar pegged to the right quickly but just stayed there and never seemed to finish, or did it? Again I let it run for a long time...nothing changed. So, I shut it down and restarted in Safe Mode and re-ran AVG...this time I just did a quick scan, since I'm confident there's nothing on my F: drive. AVG found the two medium threats from last time but not the high threat. I "applied all actions" and they took. I restarted and uninstalled the Javas, then reinstalled the newest version. I had to go into the manual update screen to get it to download properly. So, that's where I am. ;)


Hi, lofreequency

 

Hmm, ok, other than the problem with AVG Anti-Spyware all is good.

Now two things here.

 

1) See if an uninstall/reinstall of AVG helps.

 

 

2) Please run Panda's ActiveScan and perform a full system scan.

Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first)

A new window will open...click the big Check Now button

Enter your Country

Enter your State/Province

Enter your e-mail address and click send

Select either Home User or Company

Click the big Scan Now button

If it wants to install an ActiveX component allow it

It will start downloading the files it requires for the scan (Note: It will take a couple minutes)

Click on Local Disks to start the scan

Click on see report Then click Save report

 

 

Gogo ;)


Ok, ran Panda...it found some stuff and I saved the scan.

 

Incident Status Location

 

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\

Virus:Trj/Keylog.JA Disinfected C:\avenger\backup.zip[avenger/winupdate.dll]

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/winupdtm.dll]

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/wupdmnt.dll]

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll]

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll-ren-5443]

Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38771.7810598958.WCU[C:/WINNT/system32/hp15EB.tmp]

Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38771.7810598958.WCU[C:/WINNT/system32/ld54E0.tmp]

Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38773.3924754745.WCU[C:/WINNT/system32/hp1470.tmp]

Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38773.3924754745.WCU[C:/WINNT/system32/ld4F85.tmp]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][2].txt

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitRem.exe[smitRem/Process.exe]

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitRem.exe[smitRem/swreg.exe]

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitremextracted\smitRem\swreg.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\VirtumundoBeGone.exe[²ƒÇ]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\Process.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\Process0.exe

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\wupdmng.dll

Possible Virus. Not disinfected C:\Program Files\America Online 9.0\download\smitRem\swreg.exe

 

 

 

I also uninstalled and reinstalled AVG...seems like it's normal now. Updates loaded and said it was successful in doing so...


Hi, lofreequency

 

Great work, glad you got it going for you. Now, as for what Panda found, no big thing there, just back-ups. Just go to where it shows in the logfile and delete them.

Some of the items are just backups from tools you and I have been using, like, say, smitRem, VirtumundoBeGone, and so just go to where they show up in the logfile and delete them.

Also, empty your Doctor Web Quarantine folder.

And now give me some feedback on how the PC is now so we may go on to the last steps here.

 

Gogo ;)


Hi, I found the Dr. Web quarantine folder and emptied it. But I'm unclear what to do specifically regarding your instructions about Panda where you say "go to where it shows in the logfile and delete them. Some of the items are just backups from tools you and I have been using, like, say, smitRem, VirtumundoBeGone, and so just go to where they show up in the logfile and delete them."

 

Please advise...I guess I need more specific instructions as I'm not clear where to find said logfiles. Sorry and thanks.

 

 

This computer seems to be running good. The CPU usage is "normal" and the running processes are down to 52...I think before we started this it was over 60.

 

<Edit> I have found a couple Panda related files in WINNT/System32/Activescan folder called "Panda Activescan" are these the files? When I try to open them it doesn't know what program to use...if I use say Wordpad a bunch of code comes up that I don't understand.

 

 


Hey, lofreequency

 

Ok, my bad, it's not you, it's me :huh:

 

Ok for these here go ------>C:\avenger\backup.zip<----Delete this here

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\

 

Virus:Trj/Keylog.JA Disinfected C:\avenger\backup.zip[avenger/winupdate.dll]

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/winupdtm.dll]

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/wupdmnt.dll]

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll]

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll-ren-5443]

 

 

For these here goto------>C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\<---Clean out this folder

 

 

Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38771.7810598958.WCU[C:/WINNT/system32/hp15EB.tmp]

 

Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38771.7810598958.WCU[C:/WINNT/system32/ld54E0.tmp]

 

Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38773.3924754745.WCU[C:/WINNT/system32/hp1470.tmp]

 

Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38773.3924754745.WCU[C:/WINNT/system32/ld4F85.tmp]

 

These here we will get in our last steps

 

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

 

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

 

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][2].txt

 

These here are on your desktop in a folder called Anti-Spyware Programs<---Clean out this folder

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitRem.exe[smitRem/Process.exe]

 

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitRem.exe[smitRem/swreg.exe]

 

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitremextracted\smitRem\swreg.exe

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\VirtumundoBeGone.exe[²ƒÇ]

 

 

These here are the DoctorWeb Quarantine folder<----Clean it out

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\Process.exe

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\Process0.exe

 

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\wupdmng.dll

 

This last one go here--->C:\Program Files\America Online 9.0\download\smitRem\<---Delete this folder

Possible Virus. Not disinfected C:\Program Files\America Online 9.0\download\smitRem\swreg.exe

 

 

Gogo ;)


No prob. Again, much appreciation for the help here

 

I'm at work now and won't be able to get to those steps until this evening. But I wanted to ask for clarity's sake, when you say "<---Delete this here" or "<---Clean out this folder" and then you list certain entries, are those entries just listed because they are the suspected bad ones and I am to delete the entire folder, right, not just specific entries? I already emptied the entire Dr. Web folder as instructed in your last post...that was OK? Also, the "Anti-Spyware Programs" folder on my desktop contains all the programs we've been using...will this delete those programs too?

 

Much thanks!


Hi,

 

I hope this helps let me know.

 

 

Virus:Trj/Keylog.JA Disinfected C:\avenger\backup.zip[avenger/winupdate.dll]

 

 

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/winupdtm.dll]

 

 

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/wupdmnt.dll]

 

 

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll]

 

 

 

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll-ren-5443]

 

Ok, these first 5 are on the C:\ drive in a folder called avenger, so delete the folder called Avenger.

 

================================================================

For the next 4 items goto

 

C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\<---Clean out this folder here

 

================================================================

These items here are just cookies, we will get on our last steps

 

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

 

 

 

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][1].txt

 

 

 

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\hart-navarre1\Cookies\[email protected][2].txt

 

================================================================

For these 4 items here, as I said, they are in a folder on your desktop called Anti-Spyware Programs. You are no longer using the tools so delete the folder.

 

 

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitRem.exe[smitRem/Process.exe]

 

 

 

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitRem.exe[smitRem/swreg.exe]

 

 

 

Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitremextracted\smitRem\swreg.exe

 

 

 

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\VirtumundoBeGone.exe[²ƒÇ]

 

 

================================================================

This last one just delete the folder smitRem

 

 

C:\Program Files\America Online 9.0\download\smitRem\<--This folder

 

 

Gogo :huh:

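Since the question of where each Panda finding actually lives on disk came up in this exchange, here is an added example (not code from the thread or from Panda) that parses the "Incident Status Location" lines posted above and groups them by the folder holding each scanned file or archive; the tool-backup hint list is an assumption drawn from the folder names in this thread.

```python
"""Group Panda ActiveScan report lines by the folder that holds each item.

Added example, not code from the thread or from Panda. Each report line has the
shape "<incident> <status> <location>"; the location is a registry key, a file,
or a file plus a "[member]" suffix naming an item inside an archive. Knowing the
container and its folder is what the clean-up advice in the thread relies on.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Disinfected|Not disinfected)\s+(?P<location>\S.*)$"
)
ARCHIVE_RE = re.compile(r"^(?P<container>[^\[]+)\[(?P<member>[^\]]*)\]$")

# Heuristic (assumed, based on the folder names in this thread): paths that
# belong to a removal tool's backup or quarantine store rather than a live file.
TOOL_ARTIFACT_HINTS = ("\\quarantine\\", "\\backup\\", "backup.zip", "smitrem", "virtumundobegone")

# Lines copied from the Panda report posted in this thread.
SAMPLE_REPORT = r"""
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Virus:Trj/Keylog.JA Disinfected C:\avenger\backup.zip[avenger/winupdate.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/w_update.dll-ren-5443]
Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\hart-navarre1\Application Data\Business Logic\UWC\Backup\J38771.7810598958.WCU[C:/WINNT/system32/hp15EB.tmp]
Possible Virus. Not disinfected C:\Documents and Settings\hart-navarre1\Desktop\Anti-Spyware Programs\smitremextracted\smitRem\swreg.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\hart-navarre1\DoctorWeb\Quarantine\Process.exe
Possible Virus. Not disinfected C:\Program Files\America Online 9.0\download\smitRem\swreg.exe
"""


@dataclass
class Finding:
    incident: str
    status: str
    location: str
    kind: str       # "registry", "file" or "archive-member"
    container: str  # the key or file Panda actually opened
    folder: str     # directory holding the container ("" for registry keys)


def parse_finding(line: str) -> Finding | None:
    """Parse one report line; returns None for the header and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    incident, status, loc = m["incident"], m["status"], m["location"]
    if loc.upper().startswith("HKEY_"):
        return Finding(incident, status, loc, "registry", loc, "")
    a = ARCHIVE_RE.match(loc)
    container, kind = (a["container"], "archive-member") if a else (loc, "file")
    folder = container.rsplit("\\", 1)[0] if "\\" in container else ""
    return Finding(incident, status, loc, kind, container, folder)


def is_tool_artifact(f: Finding) -> bool:
    """True when the container sits in a known tool backup/quarantine location (heuristic)."""
    low = f.container.lower()
    return any(hint in low for hint in TOOL_ARTIFACT_HINTS)


def group_by_folder(lines) -> dict[str, list[Finding]]:
    """Map folder (or "<registry>") -> findings, so one folder can be cleaned at a time."""
    groups: dict[str, list[Finding]] = defaultdict(list)
    for line in lines:
        f = parse_finding(line)
        if f is not None:
            groups[f.folder or "<registry>"].append(f)
    return dict(groups)


if __name__ == "__main__":
    for folder, items in group_by_folder(SAMPLE_REPORT.splitlines()).items():
        tag = "tool backup/quarantine" if all(map(is_tool_artifact, items)) else "review individually"
        print(f"{folder}  ({len(items)} item(s), {tag})")
        for f in items:
            print(f"    [{f.status}] {f.incident} -> {f.kind}: {f.container}")
```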

Hi, thanks for the clarifications...just wanted to make sure I understood and didn't delete anything wrong.

 

 

I just deleted everything you requested.

 

Computer seems fine with one exception, when I booted up I got an error that popped up as the desktop items were still loading:

 

"avgas.exe-unable to locate DLL...then it listed a few items (probably not exactly as I'm typing them here as I wrote them down quickly) such as, C:program/filesgrisoft/avg and C:winnt/system32 and C:winnt system 32/wbem and C:winnt/quicktime/qtsystem."

 

Thanks ;)


Hi, lofreequency

 

Hmm, odd, this is after removing the backups I had you delete?

Could you try and disable AVG from running at startup.

Tell me if it happens again.

 

I forgot to add, after that, is the PC running good??

 

Gogo ;)


Hi, lofreequency

 

Here's something more to try

 

To run Error Checking in WinXP, double-click the My Computer icon on your Desktop and right-click the drive you want to check. Click Properties, select the Tools tab, and click the Check Now button under Error-Checking. Select the Automatically Fix File System Errors and Scan For And Attempt Recovery Of Bad Sectors checkboxes and click Start.

 

NOTE:

 

at some point it will ask if you would like to reboot/restart please say yes/Ok

 

Gogo ;)


First, when I started the computer initially this evening, I had not yet deleted any of those files. I went online and followed your instructions and waited for your last post.

 

I restarted the computer thinking maybe the error message popped up because I hadn't restarted after deleting. The error message came back. I then realized I had forgotten to take AVG out of the start-up as you suggested. So, I did that and restarted and everything booted normally...no errors!

 

 

Computer is running very good!

 

 

Much thanks! ;)


Hi, a small update. I didn't have much time to do a lot, but I did run a few applications last night. The only error I encountered was with my Sound Forge 8 program, which, upon trying to start it up, showed an error message saying "SF80.exe" could not be found and the program would have to be restarted. I thought I'd try reinstalling from my disc. For some reason it would not respond to starting the reinstall process from the disc. I could browse the CD fine, but when I hit the "install" feature...nothing. So, I did the error search you recommended above...all came out clear...no errors found. I tried SF again, same error message. So I went into the Programs folder and found the application file and clicked on it and it reinstalled the program from there, but it still won't start. Do I need to copy the "exe" file to the hard drive? All other similar programs seem to be opening and operating fine from what I can tell at this point, including an older version of Sound Forge I still have on the computer.

 

Also, besides the AOL 9.0 SE security stuff and Ad-Aware, should I be running any of those other programs we used on a regular basis?

 

Thanks. :)


Hi. Lastly, I got Sound Forge to finally install properly (uninstall previous, reinstall, restart). I just wanted to say THANK YOU VERY MUCH FOR YOUR HELP! MUCH APPRECIATED!

 

 

Things are working great! :D

 


Hey, lofreequency

 

Sorry for not getting at you on this. And please, you did all the work.

Now, not sure I did this with you yet.

 

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

 

Next, let's clean your restore points and set a new one

 

 

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

 

1. Turn off System Restore.

* On the Desktop, right-click My Computer.

* Click Properties.

* Click the System Restore tab.

* CHECK Turn off System Restore.

* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

* On the Desktop, right-click My Computer.

* Click Properties.

* Click the System Restore tab.

* UN-Check Turn off System Restore.

* Click Apply, and then click OK.

 

System Restore will now be active again.

 

 

Then create a new restore point once you have System Restore back on.

To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.

When the System Restore Utility opens, click "Create a Restore Point" then click Next.

Enter a name for this Restore Point, and click Create.

 

 

Clean out your Temporary Internet files.

Internet Explorer

Close Internet Explorer and close any instances of Windows Explorer.

Click Start -> Control Panel and then double-click Internet Options.

On the General tab, click Delete Files under Temporary Internet Files.

In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.

On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.

Click OK.

 

Firefox (In case you also have Firefox installed)

Open Firefox and go to Tools -> Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

 

Make your Internet Explorer more secure - This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.

2. Click once on the Security tab

3. Click once on the Internet icon so it becomes highlighted.

4. Click once on the Custom Level button.

a. Change the Download signed ActiveX controls to Prompt

b. Change the Download unsigned ActiveX controls to Disable

c. Change the Initialize and script ActiveX controls not marked as safe to Disable

d. Change the Installation of desktop items to Prompt

e. Change the Launching programs and files in an IFRAME to Prompt

f. Change the Navigate sub-frames across different domains to Prompt

g. When all these settings have been made, click on the OK button.

h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

5. Next press the Apply button and then the OK to exit the Internet Properties page.

 

 

And last have a look at the great info here by Mr,Tk

So how did I get infected in the first place

 

 

Gogo :D

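The Custom Level settings in step 4 are stored as numbered values under the Internet zone's registry key, so they can be audited after the fact. This is an added example, not from the thread: it compares a mapping of those values against the recommended levels, with the registry read itself optional so the comparison also runs off a Windows box. The value IDs and key path are Microsoft's documented ones (assumed here, not given on the page).

```python
"""Audit Internet Explorer's Internet-zone settings against the hardening steps above.

Added example, not from the thread. The Custom Level entries map to numbered
registry values under HKCU\...\Internet Settings\Zones\3 (zone 3 = Internet):
1001 download signed ActiveX, 1004 download unsigned ActiveX, 1201 initialize
and script ActiveX not marked as safe, 1800 installation of desktop items,
1804 launching programs/files in an IFRAME, 1607 navigate sub-frames across
domains. Data: 0 = Enable, 1 = Prompt, 3 = Disable (documented by Microsoft,
assumed here rather than taken from the page).
"""
from __future__ import annotations

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Target levels, transcribed from steps 4a-4f above (value id -> level).
BASELINE = {
    "1001": PROMPT,   # a. Download signed ActiveX controls
    "1004": DISABLE,  # b. Download unsigned ActiveX controls
    "1201": DISABLE,  # c. Initialize and script ActiveX controls not marked as safe
    "1800": PROMPT,   # d. Installation of desktop items
    "1804": PROMPT,   # e. Launching programs and files in an IFRAME
    "1607": PROMPT,   # f. Navigate sub-frames across different domains
}
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"


def read_internet_zone() -> dict[str, int]:
    """Read the current user's Internet-zone values (Windows only; {} elsewhere)."""
    try:
        import winreg
    except ImportError:
        return {}
    values: dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once the last value has been enumerated
                break
            if name in BASELINE and isinstance(data, int):
                values[name] = data
            index += 1
    return values


def audit_zone(current: dict[str, int]) -> list[str]:
    """One message per setting that is more permissive than, or missing from, the baseline."""
    findings = []
    for value_id, wanted in BASELINE.items():
        have = current.get(value_id)
        if have is None:
            findings.append(f"{value_id}: not set (dialog default applies); want {LEVEL_NAMES[wanted]}")
        elif have < wanted:  # a lower number is a looser setting (0 Enable < 1 Prompt < 3 Disable)
            findings.append(f"{value_id}: {LEVEL_NAMES.get(have, have)} but want {LEVEL_NAMES[wanted]}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a zone still at loose settings for four of the six entries.
    sample = {"1001": ENABLE, "1004": PROMPT, "1201": DISABLE,
              "1800": PROMPT, "1804": ENABLE, "1607": ENABLE}
    for msg in audit_zone(read_internet_zone() or sample):
        print(msg)
```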