Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Baylorclay

12 Posts

2306

November 8th, 2007 02:00

multiple popups and slow running system please help

Here is my hijack log.  I have virtumonde on my system and probably others.  Any help would be great...
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:12 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\DAVID\APPLIC~1\YSTEM3~1\tracert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {2E6C3FA6-80EA-499C-ACE7-3F378FDEC22B} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: {51909cee-a3e3-5169-6214-7b19285e81f5} - {5f18e582-91b7-4126-9615-3e3aeec90915} - C:\WINDOWS\system32\sdllkadw.dll
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\tuvwwuu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [88708fc2] rundll32.exe "C:\WINDOWS\system32\jmgqlsdm.dll",b
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3347] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6741] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA755] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2273] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.sys"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\DAVID\APPLIC~1\YSTEM3~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\DAVID\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134018815343
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: jkkhfcb - jkkhfcb.dll (file missing)
O20 - Winlogon Notify: tuvwwuu - tuvwwuu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 8th, 2007 10:00

Welcome. Thank you for using Dell Community Forums. :)

I am reviewing your log.
In the meantime, you can help me by doing the following:

* If you have posted this log on another forum, please provide a link to the topic.

* If you are using any cracked software, please remove it.
Definition of cracked software:
http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.
The nature of such software and the high incidence of malware in files downloaded with them are counter productive to restoring your PC to a healthy state.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log. Please do not do anything else until you get further instructions.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
Please follow all instructions in sequence.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply.

Baylorclay

12 Posts

November 8th, 2007 12:00

I only belong to this forum.  Thank you for your help.  I have tried spy-bot, adware 2007 by lavasoft, and vundofix.  None of those have helped.  I also have windows live onecare that will not completely install due to an error(still working on that).
 
I keep getting popups related to whatever website I visit..i.e. going to my bank account produces popups related to banking.
 
The firewall from live onecare also keeps blocking tracert.exe
 
And for my Yahoo home page I get a security warning about my current web page trying to open another site.  current:  http://ad.doubleclick.net  internet site: http://m1.2mdn.net
 
Do I need to remove spy-bot and all the others I mentioned above?
 
Thanks again...

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 8th, 2007 14:00

No, you do not need to remove your security software. I ask that you do not do any troubleshooting on your own while we are working on this.
Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets

Reboot and download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot after running that.

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.

Once it is finished your Zones should be reset.
**Note: this will remove all entries in the Trusted Zone and Restricted Zone, and entries you had will need to be entered again. You will have to re-immunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads (if you use any of these programs).

Please launch Hijackthis and place a checkmark next to the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {2E6C3FA6-80EA-499C-ACE7-3F378FDEC22B} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: {51909cee-a3e3-5169-6214-7b19285e81f5} - {5f18e582-91b7-4126-9615-3e3aeec90915} - C:\WINDOWS\system32\sdllkadw.dll
O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\tuvwwuu.dll (file missing)
O4 - HKLM\..\Run: [88708fc2] rundll32.exe "C:\WINDOWS\system32\jmgqlsdm.dll",b
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\DAVID\APPLIC~1\YSTEM3~1\tracert.exe" -vt yazb O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\DAVID\Application Data\Microsoft\Windows\rayiou.exe
O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: jkkhfcb - jkkhfcb.dll (file missing) G O20 - Winlogon Notify: tuvwwuu - tuvwwuu.dll (file missing)

Also fix this if you or Spybot did not set these restrictions:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close all windows except HijackThis and click "Fix Checked".
Close Hijackthis and reboot.

Please download Combofix from here:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
** Take note that the link is case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note:
Do not mouseclick Combofix's window while it is running. That may cause your system to stall/hang.
Do not proceed with the rest of the fix if you fail to run ComboFix.


Note: The above instructions have been created specifically for this user. If you are not this user, do NOT follow these directions.

Message Edited by Bugbatter on 11-08-2007 11:10 AM

Baylorclay

12 Posts

November 8th, 2007 17:00

I looked for those programs and did not find any.  followed the other instructions and here are the logs
 
combofix:
ComboFix 07-11-08.1 - DAVID 2007-11-09 13:07:35.1 - NTFSx86
Running from: C:\Documents and Settings\DAVID\Desktop\ComboFix.exe
 * Created a new restore point
.
 Unable to gain System Privileges
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\DAVID\Application Data\macromedia\Flash Player\#SharedObjects\2JFWUPQ4\www.broadcaster.com
C:\Documents and Settings\DAVID\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\DAVID\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\DAVID\Application Data\YSTEM3~1
C:\Documents and Settings\DAVID\Application Data\YSTEM3~1\?ystem32\
C:\Documents and Settings\DAVID\Application Data\YSTEM3~1\tracert.exe
C:\Documents and Settings\DAVID\Start Menu\Programs\Outerinfo
C:\Documents and Settings\DAVID\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\DAVID\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\ssembl~1
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\fnts~1
C:\WINDOWS\system32\a13
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\D2
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\e2
C:\WINDOWS\system32\e2\caws83122.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\g1
C:\WINDOWS\system32\i8
C:\WINDOWS\system32\i8\taldrvr11.exe
C:\WINDOWS\SYSTEM32\kjkmp.bak1
C:\WINDOWS\SYSTEM32\kjkmp.bak2
C:\WINDOWS\SYSTEM32\kjkmp.ini
C:\WINDOWS\system32\lsp.dll
C:\WINDOWS\SYSTEM32\mnnmp.bak1
C:\WINDOWS\SYSTEM32\mnnmp.bak2
C:\WINDOWS\SYSTEM32\mnnmp.ini
C:\WINDOWS\SYSTEM32\mnnmp.ini2
C:\WINDOWS\SYSTEM32\mnnmp.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.ini
C:\WINDOWS\SYSTEM32\qtvwa.bak1
C:\WINDOWS\SYSTEM32\qtvwa.ini
C:\WINDOWS\system32\x22
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService

(((((((((((((((((((((((((   Files Created from 2007-10-09 to 2007-11-09  )))))))))))))))))))))))))))))))
.
2007-11-09 12:41 80,448 --a------ C:\WINDOWS\SYSTEM32\jvblgjst.dll
2007-11-09 12:38 86,080 --a------ C:\WINDOWS\SYSTEM32\plpdrkhb.dll
2007-11-09 12:38 71,232 --a------ C:\WINDOWS\SYSTEM32\lqkilskp.exe
2007-11-09 09:21   d-------- C:\Program Files\Dell AIO Printer A920
2007-11-09 08:53 80,448 --a------ C:\WINDOWS\SYSTEM32\iafdnpgs.dll
2007-11-09 08:51 71,232 --a------ C:\WINDOWS\SYSTEM32\lxxurohm.exe
2007-11-08 22:37   d-------- C:\VundoFix Backups
2007-11-08 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 22:18   d-------- C:\Program Files\Trend Micro
2007-11-08 09:25   d-------- C:\Program Files\Lavasoft
2007-11-08 09:25   d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 19:50 88,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwdrv.sys
2007-11-07 19:49 112,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwhlpr.sys
2007-11-07 19:45 67,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys
2007-11-07 19:42   d-------- C:\Program Files\MSXML 4.0
2007-11-07 19:20   d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-07 13:25   d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 13:08 81,472 --a------ C:\WINDOWS\SYSTEM32\sdllkadw.dll
2007-11-07 13:06 71,232 --a------ C:\WINDOWS\SYSTEM32\yplcnfbd.exe
2007-11-07 10:48 81,472 --a------ C:\WINDOWS\SYSTEM32\alsbpmvy.dll
2007-11-07 10:45 87,104 --a------ C:\WINDOWS\SYSTEM32\mfonukaq.dll
2007-11-07 10:40 71,232 --a------ C:\WINDOWS\SYSTEM32\enrkocgs.exe
2007-11-06 07:39 83,008 --a------ C:\WINDOWS\SYSTEM32\ophnhxuj.dll
2007-11-04 19:32 87,616 --a------ C:\WINDOWS\SYSTEM32\jmnxbfjq.dll
2007-11-04 19:26 81,472 --a------ C:\WINDOWS\SYSTEM32\esivoxcb.dll
2007-11-03 18:41 82,496 --a------ C:\WINDOWS\SYSTEM32\wsrawrhb.dll
2007-11-03 18:38 86,080 --a------ C:\WINDOWS\SYSTEM32\rpeldjlh.dll
2007-11-01 22:36   d-------- C:\WINDOWS\SYSTEM32\Mz02r
2007-10-11 15:47 245,408 --a------ C:\WINDOWS\SYSTEM32\unicows.dll
2007-10-10 12:59 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 15:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 04:12 --------- d-----w C:\Program Files\Google
2007-09-24 20:56 --------- d-----w C:\Program Files\MSECache
2007-09-23 00:11 1,980,621 --sha-w C:\WINDOWS\SYSTEM32\qstwa.ini2
2007-09-22 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-19 23:50 --------- d-----w C:\Program Files\Yahoo!
2007-09-19 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-09-17 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-17 22:25 --------- d-----w C:\Documents and Settings\DAVID\Application Data\Lavasoft
2007-09-17 22:09 --------- d-----w C:\Documents and Settings\DAVID\Application Data\Uniblue
2007-09-16 00:34 --------- d-----w C:\Program Files\EarthLink TotalAccess
2007-09-16 00:34 --------- d-----w C:\Documents and Settings\DAVID\Application Data\Earthlink
2007-09-15 23:51 --------- d-----w C:\Documents and Settings\DAVID\Application Data\ScamBlocker
2007-09-15 23:43 --------- d-----w C:\Program Files\Common Files\EarthLink
2007-09-15 23:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Earthlink
2007-09-10 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-09-10 00:37 --------- d-----w C:\Program Files\Iomega
2007-09-10 00:34 --------- d-----w C:\Program Files\Starcraft
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-05-03 04:01 91,496 -c--a-w C:\Documents and Settings\DAVID\Application Data\GDIPFONTCACHEV1.DAT
2000-12-12 16:17 100,432 -c----w C:\Program Files\Win2000PPAHotfix.exe
2006-06-30 12:26:08 773 --sha-w C:\WINDOWS\SYSTEM32\ccbeg.ini2
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ac53855-cad7-49df-98fe-5333a19147c5}]
2007-11-09 12:41 80448 --a------ C:\WINDOWS\system32\jvblgjst.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 09:53]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\99e99df8.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ELNKProxy]
C:\WINDOWS\surfmonkey\smproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hosyc]
C:\Program Files\MSN\hosyc22011.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetCntrl]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Active Disk]
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
C:\Program Files\Iomega\Common\ImgStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmarwqh.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jmarwqh.dll,vgaivme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"navapsvc"=2 (0x2)
"MSCSPTISRV"=3 (0x3)
"MSCamSvc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"EarthLinkMonitor"=2 (0x2)
"DSBrokerService"=3 (0x3)
"SPTISRV"=3 (0x3)
"aawservice"=2 (0x2)
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S4 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9570871a-76fc-11d9-95ce-00038a000015}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-09 07:39:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-25 23:00:01 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 13:16:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-09 13:20:54 - machine was rebooted
.
 --- E O F ---
 
 

Baylorclay

12 Posts

November 8th, 2007 17:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:52 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: {5c74191a-3335-ef89-fd94-7dac55835ca5} - {5ac53855-cad7-49df-98fe-5333a19147c5} - C:\WINDOWS\system32\jvblgjst.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134018815343
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
--
End of file - 5153 bytes

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 8th, 2007 18:00

Open Notepad and copy/paste the following text between the dotted lines into it. Do not copy the dotted lines.
** Make sure you copy/paste ALL the text at once.
----------------------------------------------------------------------------------------------- 

File::
C:\WINDOWS\system32\jvblgjst.dll
C:\WINDOWS\SYSTEM32\ccbeg.ini2
C:\WINDOWS\SYSTEM32\lxxurohm.exe
C:\WINDOWS\SYSTEM32\iafdnpgs.dll
C:\WINDOWS\SYSTEM32\plpdrkhb.dll
C:\WINDOWS\SYSTEM32\lqkilskp.exe
C:\WINDOWS\SYSTEM32\sdllkadw.dll
C:\WINDOWS\SYSTEM32\yplcnfbd.exe
C:\WINDOWS\SYSTEM32\alsbpmvy.dll
C:\WINDOWS\SYSTEM32\mfonukaq.dll
C:\WINDOWS\SYSTEM32\enrkocgs.exe
C:\WINDOWS\SYSTEM32\ophnhxuj.dll
C:\WINDOWS\SYSTEM32\jmnxbfjq.dll
C:\WINDOWS\SYSTEM32\esivoxcb.dll
C:\WINDOWS\SYSTEM32\wsrawrhb.dll
C:\WINDOWS\SYSTEM32\rpeldjlh.dll
C:\WINDOWS\SYSTEM32\qstwa.ini2
C:\WINDOWS\system32\jmarwqh.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ac53855-cad7-49df-98fe-5333a19147c5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmarwqh.dll]



--------------------------------------------------------------------------------------------------------

Save this as CFScript.txt

Photo Sharing and Video Hosting at Photobucket

Referring to the picture above, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again. Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

Please provide the contents of the new ComboFix log in your next reply along with a new HijackThis log, and let me know how things are running.

Baylorclay

12 Posts

November 8th, 2007 23:00

Ok, so far everything seems to be running much better.  Still getting popups everynow and then, but no where near as many as before.  Here is the combofix log:
 
ComboFix 07-11-08.1 - DAVID 2007-11-09 18:59:58.2 - NTFSx86
Running from: C:\Documents and Settings\DAVID\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\DAVID\Desktop\CFScript.txt
 * Created a new restore point
FILE
File::C:\WINDOWS\system32\jvblgjst.dllC:\WINDOWS\SYSTEM32\ccbeg.ini2C:\WINDOWS\SYSTEM32\lxxurohm.exeC:\WINDOWS\SYSTEM32\iafdnpgs.dllC:\WINDOWS\SYSTEM32\plpdrkhb.dllC:\WINDOWS\SYSTEM32\lqkilskp.exeC:\WINDOWS\SYSTEM32\sdllkadw.dllC:\WINDOWS\SYSTEM32\yplcnfbd.exeC:\WINDOWS\SYSTEM32\alsbpmvy.dllC:\WINDOWS\SYSTEM32\mfonukaq.dllC:\WINDOWS\SYSTEM32\enrkocgs.exeC:\WINDOWS\SYSTEM32\ophnhxuj.dllC:\WINDOWS\SYSTEM32\jmnxbfjq.dllC:\WINDOWS\SYSTEM32\esivoxcb.dllC:\WINDOWS\SYSTEM32\wsrawrhb.dllC:\WINDOWS\SYSTEM32\rpeldjlh.dllC:\WINDOWS\SYSTEM32\qstwa.ini2C:\WINDOWS\system32\jmarwqh.dllRegistry::[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ac53855-cad7-49df-98fe-5333a19147c5}][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmarwqh.dll]
.
(((((((((((((((((((((((((   Files Created from 2007-10-10 to 2007-11-10  )))))))))))))))))))))))))))))))
.
2007-11-09 14:00   d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-11-09 12:41 80,448 --a------ C:\WINDOWS\SYSTEM32\jvblgjst.dll
2007-11-09 12:38 86,080 --a------ C:\WINDOWS\SYSTEM32\plpdrkhb.dll
2007-11-09 12:38 71,232 --a------ C:\WINDOWS\SYSTEM32\lqkilskp.exe
2007-11-09 09:21   d-------- C:\Program Files\Dell AIO Printer A920
2007-11-09 08:53 80,448 --a------ C:\WINDOWS\SYSTEM32\iafdnpgs.dll
2007-11-09 08:51 71,232 --a------ C:\WINDOWS\SYSTEM32\lxxurohm.exe
2007-11-08 22:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 22:18   d-------- C:\Program Files\Trend Micro
2007-11-08 09:25   d-------- C:\Program Files\Lavasoft
2007-11-08 09:25   d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 19:50 88,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwdrv.sys
2007-11-07 19:49 112,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwhlpr.sys
2007-11-07 19:45 67,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys
2007-11-07 19:42   d-------- C:\Program Files\MSXML 4.0
2007-11-07 19:20   d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-07 13:25   d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 13:08 81,472 --a------ C:\WINDOWS\SYSTEM32\sdllkadw.dll
2007-11-07 13:06 71,232 --a------ C:\WINDOWS\SYSTEM32\yplcnfbd.exe
2007-11-07 10:48 81,472 --a------ C:\WINDOWS\SYSTEM32\alsbpmvy.dll
2007-11-07 10:45 87,104 --a------ C:\WINDOWS\SYSTEM32\mfonukaq.dll
2007-11-07 10:40 71,232 --a------ C:\WINDOWS\SYSTEM32\enrkocgs.exe
2007-11-06 07:39 83,008 --a------ C:\WINDOWS\SYSTEM32\ophnhxuj.dll
2007-11-04 19:32 87,616 --a------ C:\WINDOWS\SYSTEM32\jmnxbfjq.dll
2007-11-04 19:26 81,472 --a------ C:\WINDOWS\SYSTEM32\esivoxcb.dll
2007-11-03 18:41 82,496 --a------ C:\WINDOWS\SYSTEM32\wsrawrhb.dll
2007-11-03 18:38 86,080 --a------ C:\WINDOWS\SYSTEM32\rpeldjlh.dll
2007-11-01 22:36   d-------- C:\WINDOWS\SYSTEM32\Mz02r
2007-10-11 15:47 245,408 --a------ C:\WINDOWS\SYSTEM32\unicows.dll
2007-10-10 12:59 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 15:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 04:12 --------- d-----w C:\Program Files\Google
2007-09-24 20:56 --------- d-----w C:\Program Files\MSECache
2007-09-23 00:11 1,980,621 --sha-w C:\WINDOWS\SYSTEM32\qstwa.ini2
2007-09-22 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-19 23:50 --------- d-----w C:\Program Files\Yahoo!
2007-09-19 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-09-17 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-17 22:25 --------- d-----w C:\Documents and Settings\DAVID\Application Data\Lavasoft
2007-09-17 22:09 --------- d-----w C:\Documents and Settings\DAVID\Application Data\Uniblue
2007-09-16 00:34 --------- d-----w C:\Program Files\EarthLink TotalAccess
2007-09-16 00:34 --------- d-----w C:\Documents and Settings\DAVID\Application Data\Earthlink
2007-09-15 23:51 --------- d-----w C:\Documents and Settings\DAVID\Application Data\ScamBlocker
2007-09-15 23:43 --------- d-----w C:\Program Files\Common Files\EarthLink
2007-09-15 23:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Earthlink
2007-09-10 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-09-10 00:37 --------- d-----w C:\Program Files\Iomega
2007-09-10 00:34 --------- d-----w C:\Program Files\Starcraft
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2006-05-03 04:01 91,496 -c--a-w C:\Documents and Settings\DAVID\Application Data\GDIPFONTCACHEV1.DAT
2000-12-12 16:17 100,432 -c----w C:\Program Files\Win2000PPAHotfix.exe
2006-06-30 12:26:08 773 --sha-w C:\WINDOWS\SYSTEM32\ccbeg.ini2
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ac53855-cad7-49df-98fe-5333a19147c5}]
2007-11-09 12:41 80448 --a------ C:\WINDOWS\system32\jvblgjst.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 09:53]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\99e99df8.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ELNKProxy]
C:\WINDOWS\surfmonkey\smproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hosyc]
C:\Program Files\MSN\hosyc22011.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetCntrl]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Active Disk]
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
C:\Program Files\Iomega\Common\ImgStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmarwqh.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jmarwqh.dll,vgaivme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"navapsvc"=2 (0x2)
"MSCSPTISRV"=3 (0x3)
"MSCamSvc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"EarthLinkMonitor"=2 (0x2)
"DSBrokerService"=3 (0x3)
"SPTISRV"=3 (0x3)
"aawservice"=2 (0x2)
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S4 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9570871a-76fc-11d9-95ce-00038a000015}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe
*Newly Created Service* - NTMSSVC
*Newly Created Service* - SWPRV
*Newly Created Service* - VSS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-09 07:39:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-25 23:00:01 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 19:04:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-09 19:05:57
C:\ComboFix2.txt ... 2007-11-09 13:20
.
 --- E O F ---

Baylorclay

12 Posts

November 8th, 2007 23:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:05 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: {5c74191a-3335-ef89-fd94-7dac55835ca5} - {5ac53855-cad7-49df-98fe-5333a19147c5} - C:\WINDOWS\system32\jvblgjst.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134018815343
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
--
End of file - 5153 bytes
 
How do I get rid of all this unnecessary stuff...like disney.go.com/games and etc?
 
Thanks for all your help so far.  This has been frustrating me for some time now.  Really appreciate everything.

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 9th, 2007 00:00

Please launch HijackThis and place a checkmark next to this:

O2 - BHO: {5c74191a-3335-ef89-fd94-7dac55835ca5} - {5ac53855-cad7-49df-98fe-5333a19147c5} - C:\WINDOWS\system32\jvblgjst.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
Close all windows except Hijackthis and click "Fix Checked." Close Hijackthis.

Run Disk Cleanup in each user's profile:
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.
Reboot.

Go here to test your Java:
http://www.java.com/en/download/installed.jsp
If you need a new version follow these instructions:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.

  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Official JAVA Installation Instructions if needed.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Let me know how things are running at that point.

Baylorclay

12 Posts

November 9th, 2007 12:00

Every thing is running 400% better than 2 days ago.  Here is the log:  Do you also want another Hijack this log?
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/10/2007 at 00:33 AM
Application Version : 3.9.1008
Core Rules Database Version : 3259
Trace Rules Database Version: 1270
Scan type       : Complete Scan
Total Scan Time : 01:19:00
Memory items scanned      : 307
Memory threats detected   : 0
Registry items scanned    : 6588
Registry threats detected : 16
File items scanned        : 59412
File threats detected     : 57
Adware.Vundo Variant
 HKLM\Software\Classes\CLSID\{38453DEE-BA83-4CAF-9072-020F48AC7181}
 HKCR\CLSID\{38453DEE-BA83-4CAF-9072-020F48AC7181}
 HKCR\CLSID\{38453DEE-BA83-4CAF-9072-020F48AC7181}\InprocServer32
 HKCR\CLSID\{38453DEE-BA83-4CAF-9072-020F48AC7181}\InprocServer32#ThreadingModel
 C:\WINDOWS\SYSTEM32\MLJJI.DLL
 HKLM\Software\Classes\CLSID\{99F4D674-4C3F-4C95-BA08-AA9BB946EE9E}
 HKCR\CLSID\{99F4D674-4C3F-4C95-BA08-AA9BB946EE9E}
 HKCR\CLSID\{99F4D674-4C3F-4C95-BA08-AA9BB946EE9E}\InprocServer32
 HKCR\CLSID\{99F4D674-4C3F-4C95-BA08-AA9BB946EE9E}\InprocServer32#ThreadingModel
 C:\WINDOWS\SYSTEM32\PMNNL.DLL
 HKLM\Software\Classes\CLSID\{B260062C-3D6A-4FFF-905A-BE44F1F87EE2}
 HKCR\CLSID\{B260062C-3D6A-4FFF-905A-BE44F1F87EE2}
 HKCR\CLSID\{B260062C-3D6A-4FFF-905A-BE44F1F87EE2}\InprocServer32
 HKCR\CLSID\{B260062C-3D6A-4FFF-905A-BE44F1F87EE2}\InprocServer32#ThreadingModel
 C:\WINDOWS\SYSTEM32\GEEDA.DLL
Trojan.WinFixer
 HKLM\Software\Classes\CLSID\{B14BE269-0622-4FF0-A2E4-C848438B918C}
 HKCR\CLSID\{B14BE269-0622-4FF0-A2E4-C848438B918C}
 HKCR\CLSID\{B14BE269-0622-4FF0-A2E4-C848438B918C}\InprocServer32
 HKCR\CLSID\{B14BE269-0622-4FF0-A2E4-C848438B918C}\InprocServer32#ThreadingModel
 C:\WINDOWS\SYSTEM32\AWTSP.DLL
Adware.Tracking Cookie
 C:\Documents and Settings\DAVID\cookies\david@www.admedia365[2].txt
 C:\Documents and Settings\DAVID\cookies\david@angleinteractive.directtrack[2].txt
 C:\Documents and Settings\DAVID\cookies\david@stats.erau[1].txt
 C:\Documents and Settings\DAVID\cookies\david@publishers.clickbooth[1].txt
 C:\Documents and Settings\DAVID\cookies\david@ads.pointroll[1].txt
 C:\Documents and Settings\DAVID\cookies\david@www.3dstats[1].txt
 C:\Documents and Settings\DAVID\cookies\david@tribalfusion[1].txt
 C:\Documents and Settings\DAVID\cookies\david@statcounter[2].txt
 C:\Documents and Settings\DAVID\cookies\david@ads.adengage[2].txt
 C:\Documents and Settings\DAVID\cookies\david@mediaplex[2].txt
 C:\Documents and Settings\DAVID\cookies\david@2o7[2].txt
 C:\Documents and Settings\DAVID\cookies\david@richmedia.yahoo[2].txt
 C:\Documents and Settings\DAVID\cookies\david@tacoda[2].txt
 C:\Documents and Settings\DAVID\cookies\david@advertising[1].txt
 C:\Documents and Settings\DAVID\cookies\david@interclick[4].txt
 C:\Documents and Settings\DAVID\cookies\david@www.burstnet[3].txt
 C:\Documents and Settings\DAVID\cookies\david@www.burstbeacon[1].txt
 C:\Documents and Settings\DAVID\cookies\david@cpvfeed[1].txt
 C:\Documents and Settings\DAVID\cookies\david@login.revenueloop[2].txt
 C:\Documents and Settings\DAVID\cookies\david@questionmarket[1].txt
 C:\Documents and Settings\DAVID\cookies\david@atdmt[2].txt
 C:\Documents and Settings\DAVID\cookies\david@hitbox[2].txt
 C:\Documents and Settings\DAVID\cookies\david@adbrite[2].txt
 C:\Documents and Settings\DAVID\cookies\david@directtrack[1].txt
 C:\Documents and Settings\DAVID\cookies\david@azjmp[2].txt
 C:\Documents and Settings\DAVID\cookies\david@sexbuddies[2].txt
 C:\Documents and Settings\DAVID\cookies\david@revsci[1].txt
 C:\Documents and Settings\DAVID\cookies\david@stats.erau[3].txt
 C:\Documents and Settings\DAVID\cookies\david@lynxtrack[1].txt
 C:\Documents and Settings\DAVID\cookies\david@trafficmp[2].txt
 C:\Documents and Settings\DAVID\cookies\david@findwhat[1].txt
 C:\Documents and Settings\DAVID\cookies\david@ad.yieldmanager[2].txt
 C:\Documents and Settings\DAVID\cookies\david@adopt.euroclick[2].txt
 C:\Documents and Settings\DAVID\cookies\david@ads.revsci[2].txt
 C:\Documents and Settings\DAVID\cookies\david@ad.outerinfoads[3].txt
 C:\Documents and Settings\DAVID\cookies\david@indiads[1].txt
 C:\Documents and Settings\DAVID\cookies\david@redorbit[2].txt
 C:\Documents and Settings\DAVID\cookies\david@burstnet[1].txt
 C:\Documents and Settings\DAVID\cookies\david@ehg-pcsecurityshield.hitbox[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@ad.outerinfoads[2].txt
 C:\Documents and Settings\DAVID\Cookies\david@ads.revsci[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@azjmp[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@eyewonder[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@interclick[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@interclick[2].txt
 C:\Documents and Settings\DAVID\Cookies\david@interclick[3].txt
 C:\Documents and Settings\DAVID\Cookies\david@precisionclick[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@publishers.clickbooth[2].txt
 C:\Documents and Settings\DAVID\Cookies\david@redorbit[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@richmedia.yahoo[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@trafficmp[1].txt
 C:\Documents and Settings\DAVID\Cookies\david@www.burstnet[1].txt
Adware.k8l
 C:\PROGRAM FILES\INTERNET EXPLORER\PROGYRTAJYD.HTML

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 9th, 2007 13:00

Yes, another Hijackthis log please.

Baylorclay

12 Posts

November 9th, 2007 14:00

well I may have spoken too soon...i got a window that msconfig was not running in the normal mode.  it was selective startup.  switched it and rebooted and myspace im came on and started spybot and live onecare going crazy.  I uninstalled myspace im and some other programs i don't use any more like vx3000 web cam is still there and I don't have it installed as well as windows defender. and I don't know what these are on here for:ewidoOnlineScan Control, MySpace Uploader Control, Pearson Installation Assistant 2, MSN Games - Installer, Pearson MathXL Player,
My daughter plays alot on here so I have no idea were some of them came from.  Thought I uninstalled Norton a long time ago, but see that it still shows up.  As well as the lexmark programs unless they are part of the sony programs.  And adobe photo starts up, but I don't want it at startup, just available to use. 
Is there a place that I can research these?
 
anyway here is the new log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:10 AM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll (file missing)
O2 - BHO: (no name) - {228F1180-3F35-4D86-8423-96E17A92E6BF} - (no file)
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll (file missing)
O2 - BHO: (no name) - {FBDC08FB-82AF-4B5A-8DB6-13A2E121CDC6} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hosyc] C:\Program Files\MSN\hosyc22011.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134018815343
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkhfcb - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 9515 bytes
 

Baylorclay

12 Posts

November 9th, 2007 15:00

ok...here we go:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:42 AM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134018815343
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 8018 bytes

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 9th, 2007 15:00

"got a window that msconfig was not running in the normal mode. it was selective startup."
Yes, that is correct. That is because we have disabled Teatimer.
Please disable Teatimer again. We are not finished.

After we have resolved your malware problems, and we have finished working here, you can research Startups at the links below, and take care of the legitimate programs that you do not want to have running at Startup:
http://www.sysinfo.org/startuplist.php
 http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
Type-in the name of the program you want to research; or click on its first letter.

More here:
http://www.hijackfree.com/en/processlist/

If your daughter "plays alot " on the computer, perhaps it would be good to educate her on some security. You had quite a collection of malware on there.
At least you now have Super AntiSpyware, so if you keep that updated, you can run it regularly.

Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.

Please launch Hijackthis and place a checkmark next to the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll (file missing)
O2 - BHO: (no name) - {228F1180-3F35-4D86-8423-96E17A92E6BF} - (no file)
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll (file missing)
O2 - BHO: (no name) - {FBDC08FB-82AF-4B5A-8DB6-13A2E121CDC6} - (no file)
O4 - HKLM\..\Run: [hosyc] C:\Program Files\MSN\hosyc22011.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} -
O20 - Winlogon Notify: jkkhfcb - C:\WINDOWS\
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
Close all windows except Hijackthis and click "Fix Checked".
Close HijackThis and reboot normally.

Let's download and scan each user profile with CCleaner. This will be another good tool to keep and use for regular maintenance.
http://www.ccleaner.com/download/builds
** Select to download the SLIM version.
1. Before first use, select Options > Advanced and UNCHECK
" Only delete files in Windows Temp folder older than 48 hours"
2. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies (if you want to keep those).
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all except cookies (if you want to keep those) in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
3. Click the " Run Cleaner" button.
4. A pop up box will appear advising this process will permanently delete files from your system.
5. Click " OK" and it will scan and clean your system.
6. Click " exit" when done.
REBOOT.

Please post a frersh HijackThis log.

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 9th, 2007 16:00

Regarding this one:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
This is part of your Java. The file was there in your previous log. I'm not sure why it was removed. Perhaps when you are finished, you could go back to the Java test to be sure yours is working correctly. If not reinstall, it.)

The following are not necessarily spyware/malware, but I suggest you fix them with HijackThis by placing a checkmark next to them, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe\"
(Sun Java update scheduler. This checks for updates, but is not necessary.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
( Microsoft Office startup assistant --Unnecessary. Office casn be started manually if needed. Removing this entry will free up a significant amount of system resources.)

Close all windows except HijackThis and click "Fix Checked". Close Hijackthis and reboot.

Now for some final cleaning:
* Click Start then Run
* Now type Combofix /u in the runbox and click OK.
Notice the space between the X and the /u


This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now you can enable Teatimer again.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Consider installing the following free programs:
a. SpywareBlaster: (Not recommended for Vista)
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.

4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (by Checkpoint) has a free version http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads

5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

6. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known
vulnerabilities.

7. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.malwarebytes.org/database.php

8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 8.1.0 or higher.
It would be best to remove prior versions before updating to a new version.
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html

10. Make sure you are using the most updated version of Java.
The current version is Java Runtime Environment (JRE) 6u3
You can go here to download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says " Java Runtime Environment (JRE) 6u3 allows end-users to run Java applications".

Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.

Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Official JAVA Installation Instructions if needed.
Reboot.

11. Practice Safe Surfing with with TrendProtect by Trendmicro.
TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content.

The following color codes are used by TrendProtect to indicate the safety of each site.

Red for Warning
Yellow for Use Caution
Green for Safe
Grey for Unknown


12. Here are some helpful articles:
"So how did I get infected in the first place?"
by TonyKlein
http://computercops.biz/postlite7736-.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

13. This is an excellent resource for users of all levels. General computer maintenance as well as internet security is covered.
Rootkits for Dummies
(Paperback)
by Larry Stevenson (Author), Nancy Altholz (Author)


Happy and Safe Surfing!

Was this post helpful?

View All

No Events found!

Top