europa303
4.4K Posts
0
May 27th, 2008 19:00
KDIGJ.exe now gone from startup. Still showing a problem with the certificate for this website, if that means anything. HJ Log below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:40 PM, on 5/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brinet.com/news.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167422487296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7761 bytes
bamajim
10.4K Posts
0
May 27th, 2008 19:00
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it.
Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
"The world is what you make of it"
europa303
4.4K Posts
0
May 27th, 2008 19:00
Infected computer is reporting problem with certificate of this Dell site, so there may be some attempt at redirecting or key logging. Not sure, but 2 logs are below:
Username "User Name" - 05/27/2008 16:11:08 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdigj.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.76 85.255.112.37"
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"C:\\WINDOWS\\system32\\kdigj.exe"="C:\\WINDOWS\\system32\\kdigj.exe"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:56 PM, on 5/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brinet.com/news.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdigj.exe] C:\WINDOWS\system32\kdigj.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167422487296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7849 bytes
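The before/after comparison this thread does by eye, as an added example that is not part of either poster's message: it diffs the O4 autostart lines of the 4:17 PM and 4:45 PM HijackThis logs and pulls the Winlogon and nameserver values out of the Fixwareout prerun check. The function names are hypothetical, the sample strings are lines copied from the logs above, and the "value name is itself a path" rule is a heuristic assumed here, not something HijackThis or Fixwareout implements.

```python
import re

# Constructed sample input: lines copied from the Fixwareout report and from
# the O4 sections of the two HijackThis logs posted in this thread.
FIXWAREOUT_PRERUN = r'''
HKLM\SOFTWARE\~\Winlogon\ "System"="kdigj.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.76 85.255.112.37"
'''
FIXWAREOUT_POSTRUN = r'''
HKLM\SOFTWARE\~\Winlogon\ "system"=""
'''
HJT_BEFORE = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdigj.exe] C:\WINDOWS\system32\kdigj.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
'''
HJT_AFTER = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')


def parse_o4(log):
    """Return {(hive, key, value_name): normalised_command} for each O4 line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            # The two logs show the same commands with and without quotes,
            # so drop quotes and case before comparing.
            entries[(hive, key, name)] = cmd.replace('"', '').strip().lower()
    return entries


def diff_autostarts(before, after):
    """Compare two logs; return (removed, added, changed) sets of entry keys."""
    b, a = parse_o4(before), parse_o4(after)
    removed = {k for k in b if k not in a}
    added = {k for k in a if k not in b}
    changed = {k for k in b if k in a and b[k] != a[k]}
    return removed, added, changed


def path_named_values(log):
    """Heuristic (assumed here): a Run value whose *name* is an .exe path."""
    return sorted(name for (_, _, name) in parse_o4(log)
                  if '\\' in name and name.lower().endswith('.exe'))


def parse_fixwareout(report):
    """Extract non-empty Winlogon 'System' and Tcpip 'nameserver' values."""
    findings = {}
    m = re.search(r'Winlogon\\\s+"system"="([^"]*)"', report, re.I)
    if m and m.group(1):
        findings['winlogon_system'] = m.group(1)
    m = re.search(r'"nameserver"="([^"]*)"', report, re.I)
    if m and m.group(1).strip():
        findings['nameserver'] = m.group(1).split()
    return findings


if __name__ == '__main__':
    removed, added, changed = diff_autostarts(HJT_BEFORE, HJT_AFTER)
    print('removed:', sorted(removed))
    print('added:', sorted(added))
    print('changed:', sorted(changed))
    print('path-named values before:', path_named_values(HJT_BEFORE))
    print('prerun findings:', parse_fixwareout(FIXWAREOUT_PRERUN))
    print('postrun findings:', parse_fixwareout(FIXWAREOUT_POSTRUN))
```

Without the quote and case normalisation, the SpySweeper and swg entries would be reported as changed even though only their quoting differs between the two logs.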
bamajim
10.4K Posts
0
May 27th, 2008 19:00
You are most welcome.
1. Please download the Killbox.
1) Save it to the desktop
2) Rt Click ->> Extract all ->> Extract it to your Desktop
3) Double Click Killbox.exe to run it
4) Select "Delete on Reboot", and then select "All files".
5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\kdigj.exe
6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.
2. Rerun Hijackthis (scan only) and place checks beside the following entry
Close all other open windows except Hijackthis and Select "Fix checked"
Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
"The world is what you make of it"
bamajim
10.4K Posts
0
May 27th, 2008 23:00
europa303
The Certificate warning will go away in a day or two. But you can expedite the process by flushing the DNS cache and your cookies.
"The world is what you make of it"
europa303
4.4K Posts
0
May 28th, 2008 12:00
Uh oh, it's back, or something is. Even though I have no screen saver settings set I just found "bugs eating the screen" so to speak after about 15 minutes of a spyware scan. Nothing unusual is showing in MSCONFIG/startup or the appearance/power/screen saver settings. Have just run a complete SpySweeper scan, nothing found. Good grief, Charlie Brown. :smileysad:
bamajim
10.4K Posts
0
May 28th, 2008 12:00
europa303
Uh oh, it's back, or something is. Even though I have no screen saver settings set I just found "bugs eating the screen"
Not sure exactly what that means?
You can post a fresh Hijackthis log if you would like. I'll take a look.
"The world is what you make of it"
europa303
4.4K Posts
0
May 28th, 2008 12:00
bamajim
10.4K Posts
0
May 28th, 2008 13:00
1. Go HERE and download File Lister.
Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
"The world is what you make of it"
bamajim
10.4K Posts
0
May 28th, 2008 13:00
1. Rerun Killbox
1) Double Click Killbox.exe to run it
2) Select "Delete on Reboot", and then select "All files".
3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\blackster.scr
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.
2. Rerun Killbox one more time
At the main window Select Tools ->> Delete Temp Files
At the next window uncheck XP Prefetch
Leave the other boxes checked
Select "Delete Selected Temp Files"
Allow the tool to run. When it is finished (You will know that it is finished because the checks will disappear from the location boxes)
Select "Exit"
Then Select "Exit" again to close Killbox
3. Reboot your PC
Reply with the results
"The world is what you make of it"
europa303
4.4K Posts
0
May 28th, 2008 13:00
Have completed your suggestions successfully. I do now notice blackster is appearing in the list of screen saver choices. Did not notice it before although it certainly could have been there along with all the others.
I see much about this nefarious little critter and other related trojans in a quick Google search. Hard to believe malware scans aren't catching it.
Any further ideas on how to exterminate it? And thank you so much for all your prompt assistance.
europa303
4.4K Posts
0
May 28th, 2008 13:00
It would appear there has been a screen saver, not showing on the list of normal screen saver choices or options, the graphic of which is bugs crawling around the screen, eating the icons. Yesterday, prior to your assistance, this was an issue but the main issue was some installed programs, some of which appeared in Add/Remove programs and/or the msconfig/startup tab. All have been successfully removed now, until this "screen saver" appeared this morning. Yesterday there were a couple extra choices in the screen saver list of options, all of which disappeared after the cleanup we did. So I thought all was good to go, but apparently not. And despite cleaning out the caches, the certificate warning continues to be issued when logging in here. New log follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:08 AM, on 5/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brinet.com/news.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061228
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167422487296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7775 bytes
europa303
May 28th, 2008 13:00
+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.2
+
+ By bamajim
+
+++++++++++++++++++++++++++++++++
=== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
=== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
=== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======
5/27/2008 4:36:34 PM 1331 C:\!KillBox
5/27/2008 4:36:34 PM 1331 C:\!KillBox\Logs
5/28/2008 10:18:55 AM 710 32 C:\Files.txt
5/8/2008 11:41:35 AM 112 C:\WINDOWS\EHome
5/8/2008 11:54:03 AM 46127 C:\WINDOWS\l2schemas
5/8/2008 12:01:03 PM 7109250 C:\WINDOWS\Prefetch
5/8/2008 11:51:44 AM 487419747 C:\WINDOWS\ServicePackFiles
5/8/2008 11:51:44 AM 484430705 C:\WINDOWS\ServicePackFiles\i386
5/8/2008 11:53:54 AM 49218301 C:\WINDOWS\ServicePackFiles\i386\lang
5/8/2008 11:54:22 AM 2989042 C:\WINDOWS\ServicePackFiles\ServicePackCache
5/8/2008 11:54:22 AM 2989042 C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
5/8/2008 11:54:02 AM 409088 C:\WINDOWS\system32\bits
5/8/2008 11:54:02 AM 76288 C:\WINDOWS\system32\en
5/8/2008 11:54:04 AM 83456 C:\WINDOWS\system32\scripting
5/26/2008 7:11:26 PM 160256 32 C:\WINDOWS\system32\blackster.scr
5/8/2008 12:01:20 PM 255 32 C:\WINDOWS\system32\spupdwxp.log
=== Files under "\Administrator\Startup" Last 30 Days======
5/26/2008 7:11:26 PM 160256 32 C:\WINDOWS\system32\blackster.scr
5/8/2008 12:01:20 PM 255 32 C:\WINDOWS\system32\spupdwxp.log
=== Files under "\All Users\Startup" Last 30 Days======
=== Folders under "\Program Files" Last 30 Days======
5/27/2008 3:38:02 PM 404145 C:\Program Files\Trend Micro
5/27/2008 3:38:02 PM 404145 C:\Program Files\Trend Micro\HijackThis
5/27/2008 4:42:30 PM 81 C:\Program Files\Trend Micro\HijackThis\backups
=== Files under "\System32\Drivers" Last 30 Days======
5/8/2008 11:31:14 AM 56623 0 C:\WINDOWS\system32\drivers\ati1btxx.sys
5/8/2008 11:31:14 AM 11615 0 C:\WINDOWS\system32\drivers\ati1mdxx.sys
5/8/2008 11:31:14 AM 12047 0 C:\WINDOWS\system32\drivers\ati1pdxx.sys
5/8/2008 11:31:14 AM 30671 0 C:\WINDOWS\system32\drivers\ati1raxx.sys
5/8/2008 11:31:14 AM 63663 0 C:\WINDOWS\system32\drivers\ati1rvxx.sys
5/8/2008 11:31:14 AM 26367 0 C:\WINDOWS\system32\drivers\ati1snxx.sys
5/8/2008 11:31:14 AM 21343 0 C:\WINDOWS\system32\drivers\ati1ttxx.sys
5/8/2008 11:31:14 AM 36463 0 C:\WINDOWS\system32\drivers\ati1tuxx.sys
5/8/2008 11:31:14 AM 29455 0 C:\WINDOWS\system32\drivers\ati1xbxx.sys
5/8/2008 11:31:14 AM 34735 0 C:\WINDOWS\system32\drivers\ati1xsxx.sys
5/8/2008 11:31:14 AM 327040 0 C:\WINDOWS\system32\drivers\ati2mtaa.sys
5/8/2008 11:31:15 AM 57856 0 C:\WINDOWS\system32\drivers\atinbtxx.sys
5/8/2008 11:31:15 AM 13824 0 C:\WINDOWS\system32\drivers\atinmdxx.sys
5/8/2008 11:31:15 AM 14336 0 C:\WINDOWS\system32\drivers\atinpdxx.sys
5/8/2008 11:31:15 AM 52224 0 C:\WINDOWS\system32\drivers\atinraxx.sys
5/8/2008 11:31:15 AM 104960 0 C:\WINDOWS\system32\drivers\atinrvxx.sys
5/8/2008 11:31:15 AM 28672 0 C:\WINDOWS\system32\drivers\atinsnxx.sys
5/8/2008 11:31:15 AM 13824 0 C:\WINDOWS\system32\drivers\atinttxx.sys
5/8/2008 11:31:15 AM 73216 0 C:\WINDOWS\system32\drivers\atintuxx.sys
5/8/2008 11:31:15 AM 31744 0 C:\WINDOWS\system32\drivers\atinxbxx.sys
5/8/2008 11:31:15 AM 63488 0 C:\WINDOWS\system32\drivers\atinxsxx.sys
5/8/2008 11:31:15 AM 64352 0 C:\WINDOWS\system32\drivers\ativmc20.cod
5/8/2008 11:34:16 AM 129045 0 C:\WINDOWS\system32\drivers\cxthsfs2.cty
5/8/2008 11:34:23 AM 220032 0 C:\WINDOWS\system32\drivers\hsfbs2s2.sys
5/8/2008 11:34:23 AM 685056 0 C:\WINDOWS\system32\drivers\hsfcxts2.sys
5/8/2008 11:34:23 AM 1041536 0 C:\WINDOWS\system32\drivers\hsfdpsp2.sys
5/8/2008 11:34:30 AM 11868 0 C:\WINDOWS\system32\drivers\mdmxsdk.sys
5/8/2008 11:34:33 AM 126686 0 C:\WINDOWS\system32\drivers\mtlmnt5.sys
5/8/2008 11:34:33 AM 1309184 0 C:\WINDOWS\system32\drivers\mtlstrm.sys
5/8/2008 11:34:33 AM 452736 0 C:\WINDOWS\system32\drivers\mtxparhm.sys
5/8/2008 11:34:34 AM 67866 0 C:\WINDOWS\system32\drivers\netwlan5.img
5/8/2008 11:34:34 AM 180360 0 C:\WINDOWS\system32\drivers\ntmtlfax.sys
5/8/2008 11:34:35 AM 13776 0 C:\WINDOWS\system32\drivers\recagent.sys
5/8/2008 11:34:35 AM 166912 0 C:\WINDOWS\system32\drivers\s3gnbm.sys
5/8/2008 11:34:37 AM 129535 0 C:\WINDOWS\system32\drivers\slnt7554.sys
5/8/2008 11:34:37 AM 404990 0 C:\WINDOWS\system32\drivers\slntamr.sys
5/8/2008 11:34:37 AM 95424 0 C:\WINDOWS\system32\drivers\slnthal.sys
5/8/2008 11:34:37 AM 13240 0 C:\WINDOWS\system32\drivers\slwdmsup.sys
5/8/2008 11:34:40 AM 11807 0 C:\WINDOWS\system32\drivers\wadv07nt.sys
5/8/2008 11:34:40 AM 11295 0 C:\WINDOWS\system32\drivers\wadv08nt.sys
5/8/2008 11:34:40 AM 11871 0 C:\WINDOWS\system32\drivers\wadv09nt.sys
5/8/2008 11:34:40 AM 11935 0 C:\WINDOWS\system32\drivers\wadv11nt.sys
5/8/2008 11:34:41 AM 22271 0 C:\WINDOWS\system32\drivers\watv06nt.sys
5/8/2008 11:34:41 AM 25471 0 C:\WINDOWS\system32\drivers\watv10nt.sys
=== Files under "\User\Local Settings\Temp" Last 30 Days======
5/24/2008 3:28:02 PM 127 32 C:\Documents and Settings\Southern Commercial\Local Settings\Temp\D653F3EC.TMP
5/28/2008 9:58:45 AM 16384 32 C:\Documents and Settings\Southern Commercial\Local Settings\Temp\~DF617.tmp
5/28/2008 9:58:45 AM 512 32 C:\Documents and Settings\Southern Commercial\Local Settings\Temp\~DF652.tmp
=== Files and Folders under "All Users\Application Data" Last 30 Days======
5/26/2008 7:11:52 PM 200 C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
5/26/2008 7:11:52 PM 200 C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect
5/26/2008 8:12:13 PM 0 C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE
5/26/2008 8:12:11 PM 0 C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED
5/26/2008 8:12:11 PM 200 C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG
5/26/2008 8:12:11 PM 0 C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED
=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\C:
=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
NAV Helper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
=== Running Processes ======
System Idle Process [0]
System [4]
smss.exe [588] \SystemRoot\System32\smss.exe
csrss.exe [652]
winlogon.exe [680] winlogon.exe
services.exe [724] C:\WINDOWS\system32\services.exe
lsass.exe [736] C:\WINDOWS\system32\lsass.exe
ati2evxx.exe [900] C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe [916] C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe [1020]
svchost.exe [1116] C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe [1208]
svchost.exe [1284]
CCSETMGR.EXE [1340] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
explorer.exe [1604] C:\WINDOWS\Explorer.EXE
CCEVTMGR.EXE [1676] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
PIFSvc.exe [308] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
SNDSrvc.exe [348] "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
SPBBCSvc.exe [380] "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
symlcsvc.exe [392] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
aawservice.exe [520] "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
spoolsv.exe [640] C:\WINDOWS\system32\spoolsv.exe
AluSchedulerSvc.exe [1964] "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
GoogleUpdaterService.exe [2004] "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
NAVAPSVC.EXE [2024] "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"
NPFMNTOR.EXE [152] "C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"
NPROTECT.EXE [176] C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
NOPDB.exe [1328] C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
SpySweeper.exe [1440] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
alg.exe [2480]
CCAPP.EXE [2488] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SpySweeperUI.exe [2528] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
GoogleToolbarNotifier.exe [2536] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
NSCSRVCE.EXE [3728] "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
ssu.exe [940] "C:\Program Files\Webroot\Spy Sweeper\SSU.EXE" 3883008000
iexplore.exe [3424] "C:\Program Files\Internet Explorer\iexplore.exe"
wmiprvse.exe [3900]
wmiprvse.exe [948]
wscript.exe [3784] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Southern Commercial\Desktop\FileLister\FileLister.vbe"
=== Uninstall List From Registry ======
ATI Display Driver
Belarc Advisor 7.2
CCleaner (remove only)
Foxit Reader
Google Updater
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
High Definition Audio Driver Package - KB835221
Windows Media Format SDK Hotfix - KB891122
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Security Update for Step By Step Interactive Training (KB898458)
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923789)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for CAPICOM (KB931906)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Hotfix for Windows Internet Explorer 7 (KB947864)
Lexmark Software Uninstall
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
MSConfig CleanUp 1.2
Microsoft National Language Support Downlevel APIs
PrimoPDF
QuickBooks Pro 99
Quicken Basic 99
Adobe Flash Player 9 ActiveX
Norton SystemWorks 2006 (Symantec Corporation)
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Microsoft Office 2000 SR-1 Small Business
SymNet
Symantec KB-DocID:2003093015493306
MSXML 6.0 Parser (KB933579)
Security Update for CAPICOM (KB931906)
ccCommon
Microsoft .NET Framework 3.0
Google Toolbar for Internet Explorer
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 10
WebFldrs XP
Windows Communication Foundation
Norton Utilities
Microsoft .NET Framework 2.0
Norton SystemWorks 2006
Spy Sweeper
Connection Keep Alive
SPBBC
Windows Workflow Foundation
ATI Catalyst Control Center
AnswerWorks 4.0 Runtime - English
Norton Protection Center
PrimoPDF Redistribution Package
Microsoft Silverlight
NSW_DRM_COLLECTION
Norton SystemWorks
WordPerfect Office 2002
RealFA$T® Forms for North Carolina
Windows Presentation Foundation
Windows Rights Management Client with Service Pack 2
Norton AntiVirus 2006
Microsoft .NET Framework 1.1
Dell Support 3.2.1
MSRedist
LiveUpdate Notice (Symantec Corporation)
Google Toolbar for Internet Explorer
Ad-Aware 2007
Norton AntiVirus Parent MSI
Windows Rights Management Client Backwards Compatibility SP2
NAVShortcut
Norton WMI Update
Broadcom Management Programs
bamajim
May 28th, 2008 15:00
europa303
Killboxing the file should have removed it. Are you still having the problem?
"The world is what you make of it"