Nicked

Antispyware Solutions Infection


Help

 

My system has been infected by antispywaresolutions.com. I'm experiencing the same symptoms I've seen reported by others...constant popups, red screen, disabled task manager.

 

I've run ad-aware, but that didn't help.

 

So I downloaded HijackThis and ran it...the log file is as follows:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:33:57 PM, on 6/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\tmrsrv32.exe

C:\WINDOWS\system32\msorcl32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

C:\Documents and Settings\All Users\Application Data\hwfutczk.exe

C:\WINDOWS\system32\scchk32.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Electronic Arts\EA Link\Core.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\csrss.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

O4 - HKLM\..\Run: [hwfutczk.exe] C:\Documents and Settings\All Users\Application Data\hwfutczk.exe

O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

 

 

Can someone help?


* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

 

* Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to its own folder on the desktop.

 

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  3. Run AVG Anti-Spyware
  4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  5. After the update finishes (the status bar at the bottom will display "Update successful")
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
  8. Select "Automatically generate report after every scan"
  9. Un-Select "Only if threats were found"

Close AVG Anti-Spyware 7.5. Do NOT run a scan just yet; we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.

Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

 

- Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

- When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

 

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the AVG Anti-Spyware 7.5 scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

Let us know if any problems persist.

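An added example, not part of any post in this thread: one way to compare the "before" and "after" HijackThis logs that the instructions above ask for, so that what the cleanup removed and what it left behind can be read off directly. The function names (`parse_hjt`, `diff_logs`, `dangling`) are this example's own, and the two sample logs are short excerpts of the logs posted in this thread.

```python
import re

# Excerpts of the two HijackThis v1.99.1 logs posted in this thread
# (first post = BEFORE the cleanup, follow-up post = AFTER it).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\WINDOWS\system32\msorcl32.exe
C:\Documents and Settings\All Users\Application Data\hwfutczk.exe
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\csrss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll
O4 - HKLM\..\Run: [hwfutczk.exe] C:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\csrss.exe

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)
O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
"""

# A coded entry looks like "O4 - HKLM\..\Run: [name] path" or "R0 - HKCU\...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file does not exist on disk.
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # logs pasted into forums are often double-spaced
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what disappeared and what appeared between two logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    be, ae = set(b["entries"]), set(a["entries"])
    return {
        "processes_gone": sorted(b["processes"] - a["processes"]),
        "processes_new": sorted(a["processes"] - b["processes"]),
        "entries_gone": sorted(be - ae),
        "entries_new": sorted(ae - be),
    }


def dangling(text):
    """Entries that still exist in the registry but point at no file."""
    return [(c, d) for c, d in parse_hjt(text)["entries"] if MISSING.search(d)]


if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key)
        for item in items:
            print("   ", item)
    print("dangling entries in the AFTER log")
    for code, detail in dangling(AFTER):
        print("   ", code, "-", detail)
```

Entries reported by `dangling` are registry leftovers whose file is already gone; autorun entries that appear unchanged in both logs are the ones still waiting for a verdict from whoever reviews the log.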

Thanks Jurgenv

 

I've followed your instructions completely. The symptoms seem much improved, although there is still a "your system is infected" warning coming up on the toolbar that may still be from antispywaresolutions.

 

 

Here are the logs

 

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 11:36:54 PM, on 6/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

C:\WINDOWS\system32\scchk32.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\csrss.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

 

 

AVG:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 10:27:09 PM 6/15/2007

 

+ Scan result:

 

 

 

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).

HKU\S-1-5-21-3897814687-3101782725-2089980891-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\Program Files\Ultimate Cleaner -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\Program Files\Ultimate Defender -> Adware.RogueSuspect : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\stera.job -> Adware.RogueSuspect : Cleaned with backup (quarantined).

HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).

HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).

HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).

HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\wmvds32.dll -> Downloader.VB.asx : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\tmrsrv32.exe -> Downloader.VB.avl : Cleaned with backup (quarantined).

C:\Documents and Settings\Dan\Local Settings\Temp\jbvqxhdc.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\Documents and Settings\Dan\Local Settings\Temp\lqjkhkmc.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\Documents and Settings\Dan\Local Settings\Temp\oonmrwys.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\Documents and Settings\Dan\Local Settings\Temp\vkafivya.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\Documents and Settings\Dan\Local Settings\Temp\vxwcfupe.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\Documents and Settings\Dan\Local Settings\Temp\yftynned.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\wctrggdp.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\glrgxcrr.dll -> Logger.VBStat.d : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\agquewnh.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\bcdqmyoq.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\blfrhiit.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\cjhtxaop.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\diklvhgn.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\dwmxcwhu.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\eevhphjj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\fnwbnpbn.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\gkaovkai.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\gldoctrr.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\hmasabpt.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\imstsxio.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\jhmiumry.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\jmjdhtvv.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\jqwnoqbj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\jwanertt.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\kchnolwd.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\krbfoxsw.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\ktingkqm.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\ludngiip.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\lufqxncq.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\mjqdxtne.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\nihhwxju.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\pksbxasg.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\qvlbthxn.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\rfdgitca.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\sdcrbjoj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\tfobssgv.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\vqbyldqy.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\wvemlovt.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\xonuxwtv.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\yqflmyan.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\ajgdveoh.dll -> Logger.VBStat.g : Cleaned with backup (quarantined).

 

 

::Report end

 

Smitfiles:

 

smitRem © log file

version 3.2

 

by noahdfear

 

 

Microsoft Windows XP [Version 5.1.2600]

"IE"="6.0000"

The current date is: Fri 06/15/2007

The current time is: 21:21:44.98

 

Running from

C:\Documents and Settings\Kevin\Desktop\smitRem

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Pre-run SharedTask Export

 

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

Copyright© 2006 BleepingComputer.com

 

Registry Pseudo-Format Mode (Not a valid reg file):

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Appinitdll check ........ Thank you Grinler!

 

dumphive.exe ©2000-2004 Markus Stephany

REGEDIT4

 

[Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

XP Firewall allowed access

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Documents and Settings\\Kevin\\My Documents\\EA Games\\The Sims 2\\Downloads\\utorrent.exe"="C:\\Documents and Settings\\Kevin\\My Documents\\EA Games\\The Sims 2\\Downloads\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"

"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

checking for ShudderLTD key

 

ShudderLTD key not present!

 

checking for PSGuard.com key

 

 

PSGuard.com key not present!

 

 

checking for WinHound.com key

 

 

WinHound.com key not present!

 

 

checking for drsmartload2 key

 

 

drsmartload2 key not present!

 

spyaxe uninstaller NOT present

Winhound uninstaller NOT present

SpywareStrike uninstaller NOT present

AlfaCleaner uninstaller NOT present

SpyFalcon uninstaller NOT present

SpywareQuake uninstaller NOT present

SpywareSheriff uninstaller NOT present

Trust Cleaner uninstaller NOT present

SpyHeal uninstaller NOT present

VirusBurst uninstaller NOT present

BraveSentry uninstaller NOT present

AntiVermins uninstaller NOT present

VirusBursters uninstaller NOT present

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Existing Pre-run Files

 

 

~~~ Program Files ~~~

 

 

 

~~~ Shortcuts ~~~

 

 

 

~~~ Favorites ~~~

 

 

 

~~~ system32 folder ~~~

 

amcompat.tlb

nscompat.tlb

logfiles

 

 

~~~ Icons in System32 ~~~

 

 

 

~~~ Windows directory ~~~

 

susp.exe

 

 

~~~ Drive root ~~~

 

 

~~~ Miscellaneous Files/folders ~~~

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 [email protected]

Killing PID 864 'explorer.exe'

Killing PID 864 'explorer.exe'

 

Starting registry repairs

 

Registry repairs complete

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

SharedTask Export after registry fix

 

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

Copyright© 2006 BleepingComputer.com

 

Registry Pseudo-Format Mode (Not a valid reg file):

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Deleting files

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Remaining Post-run Files

 

 

~~~ Program Files ~~~

 

 

 

~~~ Shortcuts ~~~

 

 

 

~~~ Favorites ~~~

 

 

 

~~~ system32 folder ~~~

 

 

 

~~~ Icons in System32 ~~~

 

 

 

~~~ Windows directory ~~~

 

 

 

~~~ Drive root ~~~

 

 

~~~ Miscellaneous Files/folders ~~~

 

 

~~~ Wininet.dll ~~~

 

CLEAN! ;)

 

 

Activescan:

 

 

Incident Status Location

 

Virus:Bck/Agent.FSA Disinfected C:\Documents and Settings\All Users\Application Data\hwfutczk.exe

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\t9479etj.slt\cookies.txt[.atwola.com/]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin\Desktop\Spyware tools\smitRem\Process.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin\Desktop\Spyware tools\smitRem.exe[smitRem/Process.exe]

Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\bbayhify.exe.bad

Adware:Adware/SystemDoctor Not disinfected C:\VundoFix Backups\doiuhamv.exe.bad

Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\dqswmkeq.exe.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkhhf.dll.bad

Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\jmuqjjib.exe.bad

Adware:Adware/SystemDoctor Not disinfected C:\VundoFix Backups\qbpjhrcm.exe.bad

Adware:Adware/SecurityError Not disinfected C:\VundoFix Backups\rbtvydew.exe.bad

Adware:Adware/SystemDoctor Not disinfected C:\VundoFix Backups\snenbelh.exe.bad

Adware:adware/ncase Not disinfected C:\WINDOWS\180ax.exe

Adware:adware/wupd Not disinfected C:\WINDOWS\install.inf

Virus:Bck/Agent.FSA Disinfected C:\WINDOWS\os1zn2mO7Z.exe

Adware:adware/twain-tech Not disinfected C:\WINDOWS\satmat.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\afcdgijn.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\bjdjvjua.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\bnvdyuov.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\clrhuefi.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\cpwmihlh.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\cqnqytfa.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\evffqhsv.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\exbxiofn.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\iqvfirsr.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\kjptgocy.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\ktpnpmuv.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\lpglaxyo.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\mkbpythi.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\mosieutr.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\mxqnxycb.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\ncennayt.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\ntdjkpsu.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\pfriijti.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\qsiprklf.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\riuoragu.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\rrlwlsfl.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\ruexnveh.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\texsfavk.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\tjxhuxnw.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\tsjyempj.exe

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\ungqkjks.exe

Adware:adware/topconvert Not disinfected C:\WINDOWS\updatetc.exe


* Download OTMoveIt.exe from here and place it on your desktop:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

 

* Open OTMoveIt.exe.

In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste the following:

 

C:\WINDOWS\SYSTEM32\afcdgijn.exe

C:\WINDOWS\SYSTEM32\bjdjvjua.exe

C:\WINDOWS\SYSTEM32\bnvdyuov.exe

C:\WINDOWS\SYSTEM32\clrhuefi.exe

C:\WINDOWS\SYSTEM32\cpwmihlh.exe

C:\WINDOWS\SYSTEM32\cqnqytfa.exe

C:\WINDOWS\SYSTEM32\evffqhsv.exe

C:\WINDOWS\SYSTEM32\exbxiofn.exe

C:\WINDOWS\SYSTEM32\iqvfirsr.exe

C:\WINDOWS\SYSTEM32\kjptgocy.exe

C:\WINDOWS\SYSTEM32\ktpnpmuv.exe

C:\WINDOWS\SYSTEM32\lpglaxyo.exe

C:\WINDOWS\SYSTEM32\mkbpythi.exe

C:\WINDOWS\SYSTEM32\mosieutr.exe

C:\WINDOWS\SYSTEM32\mxqnxycb.exe

C:\WINDOWS\SYSTEM32\ncennayt.exe

C:\WINDOWS\SYSTEM32\ntdjkpsu.exe

C:\WINDOWS\SYSTEM32\pfriijti.exe

C:\WINDOWS\SYSTEM32\qsiprklf.exe

C:\WINDOWS\SYSTEM32\riuoragu.exe

C:\WINDOWS\SYSTEM32\rrlwlsfl.exe

C:\WINDOWS\SYSTEM32\ruexnveh.exe

C:\WINDOWS\SYSTEM32\texsfavk.exe

C:\WINDOWS\SYSTEM32\tjxhuxnw.exe

C:\WINDOWS\SYSTEM32\tsjyempj.exe

C:\WINDOWS\SYSTEM32\ungqkjks.exe

C:\WINDOWS\updatetc.exe

C:\WINDOWS\system32\msdn_lib.dll

 

Then click the MoveIt button below.

In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.

When done, it will create a log (********_******.log -- * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.

Copy and paste this log in your next reply with a new HijackThis log.


Jurgenv,

 

Done...

 

Move it log:

 

 

 

C:\WINDOWS\SYSTEM32\afcdgijn.exe moved successfully.

C:\WINDOWS\SYSTEM32\bjdjvjua.exe moved successfully.

C:\WINDOWS\SYSTEM32\bnvdyuov.exe moved successfully.

C:\WINDOWS\SYSTEM32\clrhuefi.exe moved successfully.

C:\WINDOWS\SYSTEM32\cpwmihlh.exe moved successfully.

C:\WINDOWS\SYSTEM32\cqnqytfa.exe moved successfully.

C:\WINDOWS\SYSTEM32\evffqhsv.exe moved successfully.

C:\WINDOWS\SYSTEM32\exbxiofn.exe moved successfully.

C:\WINDOWS\SYSTEM32\iqvfirsr.exe moved successfully.

C:\WINDOWS\SYSTEM32\kjptgocy.exe moved successfully.

C:\WINDOWS\SYSTEM32\ktpnpmuv.exe moved successfully.

C:\WINDOWS\SYSTEM32\lpglaxyo.exe moved successfully.

C:\WINDOWS\SYSTEM32\mkbpythi.exe moved successfully.

C:\WINDOWS\SYSTEM32\mosieutr.exe moved successfully.

C:\WINDOWS\SYSTEM32\mxqnxycb.exe moved successfully.

C:\WINDOWS\SYSTEM32\ncennayt.exe moved successfully.

C:\WINDOWS\SYSTEM32\ntdjkpsu.exe moved successfully.

C:\WINDOWS\SYSTEM32\pfriijti.exe moved successfully.

C:\WINDOWS\SYSTEM32\qsiprklf.exe moved successfully.

C:\WINDOWS\SYSTEM32\riuoragu.exe moved successfully.

C:\WINDOWS\SYSTEM32\rrlwlsfl.exe moved successfully.

C:\WINDOWS\SYSTEM32\ruexnveh.exe moved successfully.

C:\WINDOWS\SYSTEM32\texsfavk.exe moved successfully.

C:\WINDOWS\SYSTEM32\tjxhuxnw.exe moved successfully.

C:\WINDOWS\SYSTEM32\tsjyempj.exe moved successfully.

C:\WINDOWS\SYSTEM32\ungqkjks.exe moved successfully.

C:\WINDOWS\updatetc.exe moved successfully.

C:\WINDOWS\system32\msdn_lib.dll unregistered successfully.

C:\WINDOWS\system32\msdn_lib.dll moved successfully.

 

Created on 06/16/2007 09:51:27

 

 

Hijack this log:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:54:08 AM, on 6/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

C:\WINDOWS\system32\scchk32.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\WINDOWS\csrss.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\program files\mcafee.com\shared\mcinfo.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe


1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Jurgenv,

 

done...

 

Combofix log:

 

 

ComboFix 07-06-13.3 - C:\Documents and Settings\Kevin\Desktop\ComboFix.exe

"Kevin" - 2007-06-16 14:26:24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\764.exe

C:\WINDOWS\csrss.exe

C:\WINDOWS\hosts

C:\WINDOWS\system32\~.exe

 

 

((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))

 

 

2007-06-16 14:26 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-15 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

2007-06-15 21:05 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys

2007-06-15 19:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\cogvvvmm

2007-06-14 18:48 99,072 --a------ C:\cogvvvmm1.exe

2007-06-14 18:48 94,464 --a------ C:\cogvvvmm3.exe

2007-06-14 18:48 286,720 --a------ C:\WINDOWS\SYSTEM32\scchk32.exe

2007-06-14 18:48 100,096 --a------ C:\cogvvvmm2.exe

2007-06-14 18:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

2007-06-14 01:14 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin

2007-06-14 01:14 12 --a------ C:\WINDOWS\SYSTEM32\sl.bin

2007-06-14 01:12 32,256 --a------ C:\WINDOWS\180ax.exe

2007-06-14 01:12 31,232 --a------ C:\WINDOWS\stcloader.exe

2007-06-14 01:12 30,720 --a------ C:\WINDOWS\7search.dll

2007-06-14 01:12 30,464 --a------ C:\WINDOWS\bjam.dll

2007-06-14 01:12 27,136 --a------ C:\WINDOWS\wml.exe

2007-06-14 01:12 26,880 --a------ C:\WINDOWS\flt.dll

2007-06-14 01:12 26,368 --a------ C:\WINDOWS\bokja.exe

2007-06-14 01:12 25,344 --a------ C:\WINDOWS\SYSTEM32\wml.exe

2007-06-14 01:12 24,064 --a------ C:\WINDOWS\salm.exe

2007-06-14 01:12 21,760 --a------ C:\WINDOWS\vxddsk.exe

2007-06-14 01:12 20,480 --a------ C:\WINDOWS\swin32.dll

2007-06-14 01:12 19,968 --a------ C:\WINDOWS\SYSTEM32\WER8274.DLL

2007-06-14 01:12 18,688 --a------ C:\WINDOWS\satmat.exe

2007-06-14 01:12 17,920 --a------ C:\WINDOWS\SYSTEM32\MSIXU.DLL

2007-06-14 01:12 17,664 --a------ C:\WINDOWS\saiemod.dll

2007-06-14 01:12 17,408 --a------ C:\WINDOWS\mspphe.dll

2007-06-14 01:12 16,640 --a------ C:\WINDOWS\cdsm32.dll

2007-06-14 01:12 15,872 --a------ C:\WINDOWS\pbar.dll

2007-06-14 01:12 13,312 --a------ C:\WINDOWS\SYSTEM32\vxddsk.exe

2007-06-14 01:12 12,800 --a------ C:\WINDOWS\voiceip.dll

2007-06-14 01:12 12 --a------ C:\WINDOWS\SYSTEM32\gtv_sd.bin

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-16 13:43:20 -------- d-----w C:\Program Files\Google

2007-06-16 03:48:44 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-40011102}.dat

2007-06-16 03:48:44 384 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat

2007-06-16 03:20:45 -------- d-----w C:\Program Files\QuickTime

2007-06-16 03:14:53 -------- d-----w C:\Program Files\Messenger

2007-06-16 03:04:58 -------- d-----w C:\Program Files\DellSupport

2007-06-15 03:00:19 -------- d-----w C:\Program Files\GIMP-2.0

2007-06-06 17:32:53 -------- d--h--w C:\DOCUME~1\Kevin\APPLIC~1\Move Networks

2007-05-28 03:01:03 -------- d-----w C:\DOCUME~1\Kevin\APPLIC~1\gtk-2.0

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-15 20:14:18 -------- d-----w C:\DOCUME~1\Kevin\APPLIC~1\EmuPatchMixDSP

2007-05-05 23:56:24 -------- d-----w C:\DOCUME~1\Kevin\APPLIC~1\Google

2007-05-04 22:56:48 -------- d-----w C:\Program Files\Petersons

2007-05-04 22:56:47 -------- d--h--w C:\Program Files\Zero G Registry

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2005-10-23 03:25:08 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 16:17]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 03:05]

{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}=C:\WINDOWS\system32\yofmdcdg.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]

"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 18:54]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01]

"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 09:58]

"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 17:15]

"MCAgentExe"="C:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-10 17:27]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-10 17:27]

"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 18:55]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 17:31]

"CTHelper"="CTHELPER.EXE" [2004-02-02 22:30 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 09:58]

"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [2006-11-01 21:46]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 06:13 C:\WINDOWS\MIDIDEF.EXE]

"EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" [2007-04-17 07:59]

"csrss"="C:\WINDOWS\csrss.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispAppearancePage"=0 (0x0)

"NoColorChoice"=0 (0x0)

"NoSizeChoice"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

"NoDispScrSavPage"=0 (0x0)

"NoDispCPL"=0 (0x0)

"NoVisualStyleChoice"=0 (0x0)

"NoDispSettingsPage"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktopChanges"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSaveSettings"=0 (0x0)

"NoThemesTab"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4c9cbe-a6f6-11da-bb90-001111d16cc7}]

AutoRun\command- F:\JDLightning\Windows\JDLightning.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-16 13:43:36 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (STUDIO-Kevin).job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-16 14:28:44

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-16 14:29:13

C:\ComboFix-quarantined-files.txt ... 2007-06-16 14:29

 

--- E O F ---

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 2:42:01 PM, on 6/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

C:\WINDOWS\system32\scchk32.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\program files\mcafee.com\shared\mcinfo.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe


* Download OTMoveIt.exe from here and place it on your desktop:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

 

* Open OTMoveIt.exe.

In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste the following part:

 

C:\cogvvvmm1.exe

C:\cogvvvmm3.exe

C:\WINDOWS\SYSTEM32\scchk32.exe

C:\cogvvvmm2.exe

C:\WINDOWS\SYSTEM32\stfv.bin

C:\WINDOWS\SYSTEM32\sl.bin

C:\WINDOWS\180ax.exe

C:\WINDOWS\stcloader.exe

C:\WINDOWS\7search.dll

C:\WINDOWS\bjam.dll

C:\WINDOWS\wml.exe

C:\WINDOWS\flt.dll

C:\WINDOWS\bokja.exe

C:\WINDOWS\SYSTEM32\wml.exe

C:\WINDOWS\salm.exe

C:\WINDOWS\vxddsk.exe

C:\WINDOWS\swin32.dll

C:\WINDOWS\SYSTEM32\WER8274.DLL

C:\WINDOWS\satmat.exe

C:\WINDOWS\SYSTEM32\MSIXU.DLL

C:\WINDOWS\saiemod.dll

C:\WINDOWS\mspphe.dll

C:\WINDOWS\cdsm32.dll

C:\WINDOWS\pbar.dll

C:\WINDOWS\SYSTEM32\vxddsk.exe

C:\WINDOWS\voiceip.dll

C:\WINDOWS\SYSTEM32\gtv_sd.bin

 

Then click the MoveIt button below.

In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.

When done, it will create a log (********_******.log -- * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.

Copy and paste this log in your next reply with a new hijackthis log.


JurgenV,

 

Done...logs to follow. Thanks for all your help with this...quite a persistent infection.

 

Moveit log:

 

C:\cogvvvmm1.exe moved successfully.

C:\cogvvvmm3.exe moved successfully.

C:\WINDOWS\SYSTEM32\scchk32.exe moved successfully.

C:\cogvvvmm2.exe moved successfully.

C:\WINDOWS\SYSTEM32\stfv.bin moved successfully.

C:\WINDOWS\SYSTEM32\sl.bin moved successfully.

C:\WINDOWS\180ax.exe moved successfully.

C:\WINDOWS\stcloader.exe moved successfully.

LoadLibrary failed for C:\WINDOWS\7search.dll

C:\WINDOWS\7search.dll NOT unregistered.

C:\WINDOWS\7search.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\bjam.dll

C:\WINDOWS\bjam.dll NOT unregistered.

C:\WINDOWS\bjam.dll moved successfully.

C:\WINDOWS\wml.exe moved successfully.

LoadLibrary failed for C:\WINDOWS\flt.dll

C:\WINDOWS\flt.dll NOT unregistered.

C:\WINDOWS\flt.dll moved successfully.

C:\WINDOWS\bokja.exe moved successfully.

C:\WINDOWS\SYSTEM32\wml.exe moved successfully.

C:\WINDOWS\salm.exe moved successfully.

C:\WINDOWS\vxddsk.exe moved successfully.

LoadLibrary failed for C:\WINDOWS\swin32.dll

C:\WINDOWS\swin32.dll NOT unregistered.

C:\WINDOWS\swin32.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\SYSTEM32\WER8274.DLL

C:\WINDOWS\SYSTEM32\WER8274.DLL NOT unregistered.

C:\WINDOWS\SYSTEM32\WER8274.DLL moved successfully.

C:\WINDOWS\satmat.exe moved successfully.

LoadLibrary failed for C:\WINDOWS\SYSTEM32\MSIXU.DLL

C:\WINDOWS\SYSTEM32\MSIXU.DLL NOT unregistered.

C:\WINDOWS\SYSTEM32\MSIXU.DLL moved successfully.

LoadLibrary failed for C:\WINDOWS\saiemod.dll

C:\WINDOWS\saiemod.dll NOT unregistered.

C:\WINDOWS\saiemod.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\mspphe.dll

C:\WINDOWS\mspphe.dll NOT unregistered.

C:\WINDOWS\mspphe.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\cdsm32.dll

C:\WINDOWS\cdsm32.dll NOT unregistered.

C:\WINDOWS\cdsm32.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\pbar.dll

C:\WINDOWS\pbar.dll NOT unregistered.

C:\WINDOWS\pbar.dll moved successfully.

C:\WINDOWS\SYSTEM32\vxddsk.exe moved successfully.

LoadLibrary failed for C:\WINDOWS\voiceip.dll

C:\WINDOWS\voiceip.dll NOT unregistered.

C:\WINDOWS\voiceip.dll moved successfully.

C:\WINDOWS\SYSTEM32\gtv_sd.bin moved successfully.

 

Created on 06/16/2007 16:02:31

 

 

HiJack This log:

 

Logfile of HijackThis v1.99.1

Scan saved at 4:04:59 PM, on 6/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

C:\WINDOWS\system32\scchk32.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\program files\mcafee.com\shared\mcinfo.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\Documents and Settings\Kevin\Desktop\Spyware tools\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe


Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

* Please open HijackThis and put a check next to the following:

 

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

* Finally, reboot and tell me how everything is working.

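The items checked in the reply above fall into two patterns that can be read straight from the log: O2 BHO registrations whose DLL is reported as `(no file)` or `(file missing)`, and an O4 Run entry that launches `csrss.exe` from `C:\WINDOWS` instead of `system32`. The following is an added example, not part of the original posts or of HijackThis: a Python triage script applying those two checks, where the function name `triage`, the process-name list and the assumed `C:\WINDOWS` system root are this example's own choices.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis v1.99.1 log in this thread (subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat))', re.I)  # command -> image path
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")

# Assumption: %SystemRoot% is C:\WINDOWS, as in the log's process list.
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
# Core Windows XP processes whose only legitimate home is system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

def triage(log_text):
    """Return (line, reason) pairs for O2/O4 entries that need a human look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        bho = BHO_RE.match(line)
        if bho and ORPHAN_RE.search(bho.group(3)):
            findings.append((line, "BHO registered but its DLL is absent"))
            continue
        run = RUN_RE.match(line)
        image = IMAGE_RE.match(run.group(3)) if run else None
        if image:
            path = PureWindowsPath(image.group(1))
            # Bare names (no directory) are resolved via the search path: skip them.
            if (path.is_absolute() and path.name.lower() in SYSTEM32_ONLY
                    and path.parent != SYSTEM32):  # comparison is case-insensitive
                findings.append((line, "system process name outside system32"))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Applied to the full log posted above, these two rules select the same 14 entries the helper asked to have checked.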

Things are looking good, Jurgen. No sign of antispyware at the moment.

 

Thanks for all your help...I will raise a toast to you tonight.


You're welcome. :wacko:

 

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers. :unsure:

 

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

 

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

 

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

 

Ad-Aware SE

A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

 

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

 

SpywareGuard

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

 

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

 

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:

http://www.mozilla.org/products/firefox/

 

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

 

Hopefully this should take care of your problems! Good luck. :huh:

Edited by LS CalamityJane
Fixed outdated link
