Jump to content


Photo

Problem still arise!


  • This topic is locked This topic is locked
18 replies to this topic

#1 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 10 June 2007 - 07:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:06:28 AM, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell....s...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.mcafee.com...ystempopup=true
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO:  - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

----------------------------------------
Morning!
i've tried troubleshooting this problem from last friday(Stinger, SDfix and AVG Spyware), since then not much luck.
i've perform virus scan using symantec, and have already clear whatever threats found.
Anyway, the problem is that the warning sign keeps prompting to install the ContraVirus 2007 at the taskbar.
Any ideas?? and i suspect the xpupdate is a threat too..am i correct??
thanks in advance...

Edited by Liuism, 10 June 2007 - 10:22 PM.

Virus = DATA LOSS + DOWN TIME

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 13 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 16 June 2007 - 12:53 AM

Hi Liuism,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and etc, etc, etc. You know the drill. :)

OK, here’s what we do first.

Please run SmitfraudFix using Option #1 and show me the log it generates.

Then run ComboFix (download the latest version, please) and post the log it generates as well along with a new HijackThis log.

Edit: As a helper trainee, you should know to put a more descriptive title to your topic. I’m sure you have read the FAQs, yes? :)

Edited by Sempurna, 16 June 2007 - 12:59 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#4 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 18 June 2007 - 12:19 AM

Edit: As a helper trainee, you should know to put a more descriptive title to your topic. Im sure you have read the FAQs, yes? :)

Sorry abt tat! Noted, will do that in the future.

SmitFraudFix v2.195

Scan done at 12:28:39.25, 18/06/2007
Run from C:\Documents and Settings\NIFCO\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\wincom27.dll FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\NIFCO


C:\Documents and Settings\NIFCO\Application Data


Start Menu


C:\DOCUME~1\NIFCO\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 202.188.1.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5


Scanning for wininet.dll infection


End


ComboFix 07-06-17 - C:\Documents and Settings\NIFCO\Desktop\ComboFix.exe
"NIFCO" - 2007-06-18 12:29:23 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 12:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 12:28 3,828 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-11 09:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-11 08:39 <DIR> d-------- C:\WINDOWS\pss
2007-06-08 18:01 <DIR> d-------- C:\HJT
2007-06-08 17:57 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-08 17:57 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-08 17:46 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-08 17:46 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Symantec
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-08 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 04:25:52 -------- d-----w C:\DOCUME~1\NIFCO\APPLIC~1\Skype
2007-06-08 09:54:15 -------- d-----w C:\Program Files\McAfee
2007-06-08 09:54:15 -------- d-----w C:\Program Files\Common Files\McAfee
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 04:29:40 -------- d-----w C:\DOCUME~1\NIFCO\APPLIC~1\AdobeUM


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 13:55]
{4D25F921-B9FE-4682-BF72-8AB8210D6D75}=C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll []
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 09:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 09:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 13:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 12:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
C:\WINDOWS\system32\xpuupdate.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f9ab7eb-0a56-11dc-adcb-00188baadbf1}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53222cef-f38c-11db-adb3-00188baadbf1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 12:30:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 12:31:07

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 12:31:43 PM, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.mcafee.com...ystempopup=true
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO:  - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-----------------------------
The logs that you've requested, from what i have seen.
I'm trying to understand for SmitFraudfix log and Combofix log, but for HijackThis :wtf:
How is it?
Thanks in advance
Virus = DATA LOSS + DOWN TIME

#5 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 18 June 2007 - 02:16 AM

Hi Liuism, :wave:

Youre most welcome, Liuism. :)

You have a minor Smitfraud infection. So, lets do this next. Delete your current copy of SmitfraudFix and download a new copy as per the directions below. This is because the tool gets updated frequently, and we dont want to miss any new variants for Smitfraud that may be present in your system.

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you wont be able to access the Internet to view these instructions.


1. Please download SmitfraudFix (by S!Ri):

NOTE: In the event you already have SmitfraudFix, this is a new version that I need you to download.
  • Extract the content (a folder named SmitfraudFix) to your desktop.
  • Please do NOT run a scan with SmitfraudFix yet!
NOTE : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


2. Please download CCleaner and save it to your desktop:
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan with CCleaner yet!
3. Please download and install SUPERAntiSpyware:
  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware.
  • Please do NOT run a scan with SUPERAntiSpyware yet!
4. Please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
5. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd:
  • Select Option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process (if a reboot is required, please boot BACK into Safe Mode). A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
WARNING: Running Option #2 on a non-infected computer will remove your desktop background.


6. AFTER SmitfraudFix finishes (and after a reboot if required), please run CCleaner. (If a reboot is required, please boot BACK into Safe Mode)
  • Click the Windows tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you dont know how to use it, you may cause irreparable damage to your system.


7. Then please run a scan with SUPERAntiSpyware:

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the "Scan your Computer" button.
  • Check "Perform Complete Scan" and then click "Next".
  • SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click "Next".
  • Click "Finish" and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click "Preferences" and then click the "Statistics/Logs" tab. Click the dated log and press "View Log" and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.

NEXT:

Go to the Start -> Control Panel -> Add/Remove Programs and remove any of the following that are listed:

Lycos SideSearch
MyGlobalSearch
MySearch
MyWay
MyWay Search
MyWay Search Assistant
MyWay Speed Bar
MyWebSearch
MyWebSearch Bar
Search Assistant MySearch
Search Assistant MyWebSearch
SideSearch



NEXT:

Please run HijackThis and fix these next entries:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE



Then please delete this FOLDER:

C:\Program Files\MyWaySA


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the SmitfraudFix scan located at C:\rapport.txt.
  • The log from the SUPERAntiSpyware scan.
  • A new ComboFix log.
  • A new HijackThis log.
Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#6 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 18 June 2007 - 05:53 AM

SmitFraudFix v2.195

Scan done at 17:40:23.95, 18/06/2007
Run from C:\Documents and Settings\NIFCO\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\wincom27.dll Deleted

DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer=202.188.0.133,202.188.1.5


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

ComboFix 07-06-17 - C:\Toolk\ComboFix.exe
"NIFCO" - 2007-06-18 18:33:36 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 17:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-18 17:36 <DIR> d-------- C:\DOCUME~1\NIFCO\APPLIC~1\SUPERAntiSpyware.com
2007-06-18 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-18 17:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-18 17:35 <DIR> d-------- C:\Program Files\CCleaner
2007-06-18 12:32 <DIR> d-------- C:\Toolk
2007-06-18 12:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 12:28 3,100 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-11 09:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-11 08:39 <DIR> d-------- C:\WINDOWS\pss
2007-06-08 18:01 <DIR> d-------- C:\HJT
2007-06-08 17:57 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-08 17:57 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-08 17:46 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-08 17:46 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Symantec
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-08 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 10:31:36 -------- d-----w C:\DOCUME~1\NIFCO\APPLIC~1\Skype
2007-06-08 09:54:15 -------- d-----w C:\Program Files\McAfee
2007-06-08 09:54:15 -------- d-----w C:\Program Files\Common Files\McAfee
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 04:29:40 -------- d-----w C:\DOCUME~1\NIFCO\APPLIC~1\AdobeUM


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 13:55]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 09:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 09:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 13:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 12:38]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
C:\WINDOWS\system32\xpuupdate.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f9ab7eb-0a56-11dc-adcb-00188baadbf1}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53222cef-f38c-11db-adb3-00188baadbf1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 18:34:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 18:35:17
C:\ComboFix2.txt ... 2007-06-18 12:31

--- E O F ---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2007 at 06:24 PM

Application Version : 3.8.1002

Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 00:38:52

Memory items scanned : 162
Memory threats detected : 0
Registry items scanned : 5423
Registry threats detected : 14
File items scanned : 28038
File threats detected : 1

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1414674880-1490073510-914317142-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}


Logfile of HijackThis v1.99.1
Scan saved at 6:32:44 PM, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.mcafee.com...ystempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO:  - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-----------------------------------
Here are the logs. i got a Q, how long did you take to analyse my logs. I quite impress with the quick response, thanks alot. :)
so, how was it??
good??
Virus = DATA LOSS + DOWN TIME

#7 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 18 June 2007 - 07:01 AM

Hi Liuism, :wave:

i got a Q, how long did you take to analyse my logs.

Not long. Depending on the number of logs and the complexity of each of them, it takes me anything from 5-10 minutes.

Things are looking good. Just some leftovers to fix. :)

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\WINDOWS\system32\xpuupdate.exe
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f9ab7eb-0a56-11dc-adcb-00188baadbf1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53222cef-f38c-11db-adb3-00188baadbf1}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Your desktop will vanish for a while, and then reappear. This is normal.
  • Wait until the program has finished scanning, then please exit the program.

NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

How are things running now?

Edited by Sempurna, 18 June 2007 - 07:02 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#8 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 19 June 2007 - 01:28 AM

ComboFix 07-06-17 - C:\Documents and Settings\NIFCO\Desktop\ComboFix.exe
"NIFCO" - 2007-06-19 12:19:00 - Service Pack 2 NTFS

Command switches used :: C:\Documents and Settings\NIFCO\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-18 17:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-18 17:36 <DIR> d-------- C:\DOCUME~1\NIFCO\APPLIC~1\SUPERAntiSpyware.com
2007-06-18 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-18 12:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 12:28 3,100 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-11 09:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-11 08:39 <DIR> d-------- C:\WINDOWS\pss
2007-06-08 18:01 <DIR> d-------- C:\HJT
2007-06-08 17:57 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-08 17:57 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-08 17:46 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-08 17:46 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Symantec
2007-06-08 17:45 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-08 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 04:16:52 -------- d-----w C:\DOCUME~1\NIFCO\APPLIC~1\Skype
2007-06-08 09:54:15 -------- d-----w C:\Program Files\McAfee
2007-06-08 09:54:15 -------- d-----w C:\Program Files\Common Files\McAfee
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-12 13:55]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 09:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 09:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 13:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 12:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 12:20:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 12:20:45
C:\ComboFix2.txt ... 2007-06-18 18:35

--- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 19, 2007 2:03:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 348710
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 48008
Number of viruses found: 3
Number of infected objects: 12 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:38:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\call256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\callmember256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\chat512.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\index2.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\profile256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\transfer256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\user1024.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\user16384.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Application Data\Skype\udayakashyap\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\NIFCO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Application Data\Microsoft\Outlook\shankar.pst Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\History\History.IE5\MSHist012007061920070620\index.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Temp\Perflib_Perfdata_434.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Temp\Perflib_Perfdata_f4.dat Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Temp\~DF8406.tmp Object is locked skipped
C:\Documents and Settings\NIFCO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NIFCO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NIFCO\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0294NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0352NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP120\A0012022.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.b skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP120\A0012029.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.b skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0013500.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.b skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0013543.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.b skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0013563.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.b skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0013571.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.b skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0013586.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP129\A0014546.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\A0014718.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\A0014718.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\A0014718.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\A0014723.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP130\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 2:05:15 PM, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.mcafee.com...ystempopup=true
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO:  - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{6ED19B7B-B8EF-442D-8DF0-44EE5C387107}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

------------------------------------------
Done as requested! how was it?
Virus = DATA LOSS + DOWN TIME

#9 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 19 June 2007 - 11:41 AM

Hi Liuism, :wave:

The logs appear to be clean. :)

How are things running now? Any persistent problem or suspicious behaviour on your machine that I should know about?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#10 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 19 June 2007 - 11:44 AM

Edit: Sorry, dupe post.

Edited by Sempurna, 19 June 2007 - 11:56 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#11 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 19 June 2007 - 06:55 PM

Hi Liuism, :wave:

The logs appear to be clean. :)

How are things running now? Any persistent problem or suspicious behaviour on your machine that I should know about?

So far, before i getting help from SWI, there's no major problems. IT's just tat, i know there some nasties lurking in the system after performing the fixes.

Edit: Sorry, dupe post.

??
ignore this?
Virus = DATA LOSS + DOWN TIME

#12 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 19 June 2007 - 10:55 PM

ignore this?

That means that I posted twice with the same thing. :)

Happens occasionally.

Just some loose ends to tie up, and then we can let you go home. :)

To create a new system restore point:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Click "Create A Restore Point" then click "Next". Give it a name and then click "Create".
  • When the confirmation screen shows the restore point has been created click "Close".
  • Then go to Start -> Run and type in (or copy and paste):

    cleanmgr.

  • Click "OK".
  • Disk Cleanup will open and start calculating the amount of space that can be freed.
  • Once thats finished it will open the Disk Cleanup options screen, click the "More Options" tab.
  • Click "Clean Up" in the "System Restore" section and choose "Yes" at the confirmation window.
This will remove all previous restore points except the newly created one.


NEXT:

Your version of Sun Java is out-of-date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update:
  • CLICK HERE to download the offline installer.
    • Select "Java Runtime Environment (JRE) 6u1" and click the "Download" button to the right.
    • Check the box that says "Accept License Agreement".
    • Click on the link to download "Windows Offline Installation, Multi-language".
    • Save the file to your desktop.
  • Next, uninstall your currently installed version from Add/Remove Programs.
  • If you have older versions listed uninstall them also. If you simply update to the new version it leaves the older versions still installed, complete with previous vulnerabilities.
  • Examples of older versions in Add/Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
    • Java™ SE Runtime Environment 6
  • Reboot your system.
  • Install the new version by double-clicking on the file you downloaded.

NEXT:

Everything looks great --- your HijackThis log appears to be clean. :)

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Test your Firewall and make sure it is working properly.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool adds over 15,000 items to your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware 2007 Free
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware 2007 and Spybot Search & Destroy compliment each other very well.
    Tutorial: How to use!

  • I suggest that you download and install one or two of these FREE and good anti-trojan programs to use for ad-hoc scanning on your system:
    a-squared Free
    AVG Anti-Spyware Free
    SUPERAntiSpyware

  • I would also suggest you perform an online virus scan once in a while because what one virus scanner can't find, another one maybe can:
    BitDefender Online Scanner
    F-Secure Online Scanner
    Panda ActiveScan
    Dr.Web CureIt <-- This is not really an online scanner, as it is a standalone utility. You need to download a new copy for updated virus definitions, but it can be run in Safe Mode, unlike the online scanners above.
Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck! :D
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#13 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 20 June 2007 - 04:47 AM

Done as what you've requested above, will practice safe computing!
Thanks alot and regards
Virus = DATA LOSS + DOWN TIME

#14 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 20 June 2007 - 06:28 AM

You're most welcome. :)

Good luck on your training! :thumbsup:
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#15 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 20 June 2007 - 09:58 AM

Sorry, i got a Q
IE-Spyad only works on IEs right?
then what's the point in practising it when most ppl are advised to used mozilla firefox which is much safer.
It is because some certain ppls are used to IEs??
correct me if i'm wrong
thanks in advance..
regards
Virus = DATA LOSS + DOWN TIME

#16 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 20 June 2007 - 10:26 AM

Yes, IE-SPYAD only works for IE. Nonentheless, even if you use Firefox, there are some sites that are only compatible with IE.

And, yes, some people would still prefer to use IE, mainly because they are used to it, and also because it doesn't use as much system resources as Firefox.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#17 Liuism

Liuism

    Member

  • Full Member
  • Pip
  • 45 posts

Posted 20 June 2007 - 06:43 PM

Yes, IE-SPYAD only works for IE. Nonentheless, even if you use Firefox, there are some sites that are only compatible with IE.

And, yes, some people would still prefer to use IE, mainly because they are used to it, and also because it doesn't use as much system resources as Firefox.

Noted and Thanks again..
Virus = DATA LOSS + DOWN TIME

#18 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 20 June 2007 - 11:39 PM

You're most welcome. :)
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#19 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 25 July 2007 - 07:40 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button