richpeterson

desktop hijacked

9 posts in this topic

My desktop has been hijacked. I can't change my desktop picture. I've run ad-aware, spybot, AVG (log included), BitDefender (log included), F-secure, Panda, and Hijackthis (log included).

 

I can't get rid of "newdotcom". I presume that is the problem.

Thanks

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 11:14:50 AM 5/31/2007

 

+ Scan result:

C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\WINNT\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).

HKU\S-1-5-21-583907252-1935655697-1801674531-1000\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@reciperewards.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@rotator.dex.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@thunderbolt.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@ads.cnn[2].txt -> TrackingCookie.Cnn : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@search.live[2].txt -> TrackingCookie.Live : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@ie.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Tom and LuRinda Pete\Cookies\tom and lurinda pete@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

 

 

::Report end

BitDefender Online Scanner

Scan report generated at: Tue, Jun 12, 2007 - 15:12:05

Scan path: A:\;C:\;D:\;

Statistics

Time: 01:43:53
Files: 168190
Folders: 3596
Boot Sectors: 2
Archives: 8306
Packed Files: 9591

Results

Identified Viruses: 4
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info

Virus Definitions: 513261
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\Documents and Settings\Tom and LuRinda Pete\Local Settings\Temp\rr-toolbar.exe=>(NSIS o)=>lzma_solid_nsis0004 | Infected with: Trojan.Startpage.DLL
C:\Documents and Settings\Tom and LuRinda Pete\Local Settings\Temp\rr-toolbar.exe=>(NSIS o)=>lzma_solid_nsis0004 | Disinfection failed
C:\Documents and Settings\Tom and LuRinda Pete\Local Settings\Temp\rr-toolbar.exe=>(NSIS o)=>lzma_solid_nsis0004 | Deleted
C:\Documents and Settings\Tom and LuRinda Pete\Local Settings\Temp\rr-toolbar.exe=>(NSIS o) | Update failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0049=>(CAB Sfx r)=>VVSN.exe | Infected with: Generic.Adw.SaveNow.56AD4696
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0049=>(CAB Sfx r)=>VVSN.exe | Disinfection failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0049=>(CAB Sfx r)=>VVSN.exe | Deleted
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0049=>(CAB Sfx r) | Update failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0050 | Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0050 | Deleted
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe | Update failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0052 | Infected with: Trojan.Downloader.Agent.AVZ
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0052 | Disinfection failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0052 | Deleted
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe | Update failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0053 | Infected with: Trojan.Downloader.Agent.AVZ
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0053 | Disinfection failed
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe=>wise0053 | Deleted
C:\Documents and Settings\Tom and LuRinda Pete\My Documents\playtoadgeneralfree.exe | Update failed


Logfile of HijackThis v1.99.1

Scan saved at 4:18:36 PM, on 6/12/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINNT\Mixer.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\You've Got Mail\You've Got Mail.EXE

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equibase.com/static/entry/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HILLPROXY.HILL.AFMC.DS.AF.MIL:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

R3 - URLSearchHook: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [system Initialization] C:\WINNT\system32\msmonk32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce

O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [You've Got Mail] C:\Program Files\You've Got Mail\You've Got Mail.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .xfd: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/toolbar/rr-toolbar.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162954153812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/...cyprotector.cab

O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll

O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)


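The HijackThis log above is read line by line by the helpers; the script below is an added example (not part of the post and not HijackThis code) that parses those R/O line formats and flags the structural signs a helper checks first: targets marked "(no file)" or "(file missing)", CLSIDs with "(no name)", O16 ActiveX downloads with no control name, O23 services with an unknown owner, O4 Run entries that name a bare executable, and a non-default proxy. The sample lines are copied from the log; the flag names and regular expressions are this example's own.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not from the
forum post or from HijackThis). Flag names and patterns are this example's own."""
import re
from dataclasses import dataclass, field

# Line shapes seen in the log above. Field names are this example's own.
_LINE_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<rest>.*)$")
_CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
_RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Entry:
    kind: str
    raw: str
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a HijackThis item line, or None for any other line."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    entry = Entry(kind=kind, raw=line.strip())

    # HijackThis prints these markers when the on-disk target no longer exists.
    if "(no file)" in rest or "(file missing)" in rest:
        entry.flags.append("missing-file")
    # A CLSID whose friendly name could not be resolved.
    if "(no name)" in rest and _CLSID_RE.search(rest):
        entry.flags.append("unnamed-clsid")

    if kind == "R1" and "ProxyServer" in rest:
        entry.flags.append("proxy-set")
    elif kind == "O4":
        rm = _RUN_RE.match(rest)
        # A bare executable name (no drive or directory) depends on PATH lookup.
        if rm and not re.search(r"[\\:]", rm.group("cmd").split()[0].strip('"')):
            entry.flags.append("run-bare-exe")
    elif kind == "O16":
        # DPF entries normally show "{CLSID} (Control name) - URL"; no name is notable.
        if not re.search(r"\} \(", rest):
            entry.flags.append("dpf-unnamed")
    elif kind == "O23":
        sm = _SERVICE_RE.match(rest)
        if sm and sm.group("owner") == "Unknown owner":
            entry.flags.append("service-unknown-owner")
    return entry


def triage(log_text: str):
    """Parse a whole log and return only the entries that carry at least one flag."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e.flags:
            hits.append(e)
    return hits


# Sample lines copied from the first HijackThis log in this thread (constructed subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HILLPROXY.HILL.AFMC.DS.AF.MIL:8080
R3 - URLSearchHook: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/toolbar/rr-toolbar.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:4} {', '.join(e.flags):32} {e.raw}")
```

The flags only point at entries worth a second look; a flagged line is not by itself a verdict, and an unflagged one (the O2 Yahoo BHO) is simply structurally ordinary.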
I am no expert in this, but I had the same problem as you. Try downloading Norton Anti-Virus. You can use it for 15 days free, by which time you should have gotten rid of the virus anyway.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Welcome to the forum :wave:

 

I apologize for the delay getting to you; the helpers here are all volunteers and we have been very busy lately.

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press the F8 key
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

Please download ComboFix by sUBs:

 

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Save it to a convenient place.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Please reply with the following.

1. Sdfix log

2. Combofix log

3. A fresh HijackThis log


Here are my logs:

 

 

SDFix: Version 1.88

 

Run by Tom and LuRinda Pete on Mon 06/18/2007 at 9:18p

 

Microsoft Windows 2000 [Version 5.00.2195]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINNT\Downloaded Program Files\UPRP_0001_D21M2103NetInstaller.exe - Deleted

C:\DOCUME~1\TOMAND~1\LOCALS~1\Temp\tmp*.tmp - Deleted

Removing Temp Files...

 

ADS Check:

 

Checking C:\WINNT\

C:\WINNT

No streams found.

 

Checking C:\WINNT\system32

C:\WINNT\system32

No streams found.

 

Checking C:\WINNT\system32\svchost.exe

C:\WINNT\system32\svchost.exe

No streams found.

 

Checking C:\WINNT\system32\ntoskrnl.exe

C:\WINNT\system32\ntoskrnl.exe

No streams found.

Final Check:

 

Remaining Services:

------------------

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Listing Files with Hidden Attributes:

 

C:\COMMAND.COM

C:\Documents and Settings\Tom and LuRinda Pete\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp

 

Listing User Accounts:

 

User accounts for \\LURINDATOM

 

 

Administrator ASPNET Guest

Tom and LuRinda Pete

 

 

Finished

ComboFix 07-06-13.7 - C:\Documents and Settings\Tom and LuRinda Pete\Desktop\ComboFix.exe

"Tom and LuRinda Pete" - 06/18/2007 22:33:02 - Service Pack 4 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))

 

 

2007-06-18 22:32 49,152 --a------ C:\WINNT\nircmd.exe

2007-06-14 21:26 382,464 --a------ C:\WINNT\imgdll.dll

2007-06-14 21:26 172,032 --a------ C:\WINNT\Slideshow.scr

2007-06-11 19:34 <DIR> d-------- C:\WINNT\system32\ActiveScan

2007-06-11 15:09 <DIR> d-------- C:\WINNT\BDOSCAN8

2007-06-09 15:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PureEdge

2007-06-09 14:59 270,336 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-06-09 14:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

2007-05-31 11:25 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution

2007-05-31 09:07 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys

2007-05-30 21:30 <DIR> d-------- C:\DOCUME~1\TOMAND~1\APPLIC~1\Lavasoft

2007-05-30 21:29 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-30 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-29 08:15 <DIR> d-------- C:\HJT

2007-05-28 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-12 02:01:21 -------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor

2007-06-12 02:01:08 -------- d-----w C:\Program Files\Microsoft ActiveSync

2007-06-12 02:01:02 -------- d-----w C:\Program Files\You've Got Mail

2007-06-12 02:00:55 -------- d-----w C:\Program Files\PrintKey2000

2007-05-31 17:25:29 -------- d--ha-w C:\Program Files\WindowsUpdate

2007-05-07 23:09:54 -------- d-----w C:\DOCUME~1\TOMAND~1\APPLIC~1\Digital Album Organizer

2007-05-07 23:09:02 -------- d-----w C:\Program Files\Fujifilm e-Systems

2007-05-07 23:09:01 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-03 19:23:08 -------- d-----w C:\Program Files\Calendar Creator 7.0 Deluxe

2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL

2007-04-17 04:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll

2007-04-17 04:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll

2007-04-17 04:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll

2007-04-17 04:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll

2007-04-17 04:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll

2007-04-17 04:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll

2007-04-17 04:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe

2007-04-17 04:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll

2007-04-17 04:44:20 271,224 ----a-w C:\WINNT\system32\mucltui.dll

2007-04-17 04:44:18 208,248 ----a-w C:\WINNT\system32\muweb.dll

2007-04-16 12:44:08 54,032 ----a-w C:\WINNT\system32\mpr.dll

2007-04-05 07:17:39 2,854,400 ----a-w C:\WINNT\system32\msi.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [05-11-21 15:54 ]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [06-12-18 05:16 ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]

"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [03-01-14 18:02 ]

"DSL Connection Tool"="C:\Program Files\MSN\MSNIA\dslmon.exe" [02-10-26 14:43 ]

"C-Media Mixer"="Mixer.exe" [02-10-15 18:00 C:\WINNT\mixer.exe]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [02-10-23 11:40 ]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-12-24 14:10 ]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [04-09-29 17:49 ]

"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [05-07-04 10:50 ]

"WUSB54Gv2"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [04-04-19 09:19 ]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05-02-16 23:11 ]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06-10-07 06:20 ]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [04-09-29 17:56 ]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [06-11-13 14:39 ]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 17:45 ]

"You've Got Mail"="C:\Program Files\You've Got Mail\You've Got Mail.EXE" [05-11-14 20:23 ]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

Source= C:\Documents and Settings\Tom and LuRinda Pete\My Documents\My Pictures\Christmas Eve Brkfst 06.bmp

FriendlyName=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [06-09-28 08:13 ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]

WcesWlgn.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

WmdmPmSN

 

*Newly Created Service* - IPNAT

*Newly Created Service* - SHAREDACCESS

 

Contents of the 'Scheduled Tasks' folder

2007-06-10 18:03:01 C:\WINNT\tasks\{09597CDE-5E54-4D69-BC4D-290B1DD086D5}_LURINDATOM_Tom and LuRinda Pete.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-18 22:39:32

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-18 22:42:03 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 07-06-18 22:41

 

--- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 10:50:46 PM, on 6/18/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\MSN\MSNIA\dslmon.exe

C:\WINNT\Mixer.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\You've Got Mail\You've Got Mail.EXE

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equibase.com/static/entry/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HILLPROXY.HILL.AFMC.DS.AF.MIL:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

R3 - URLSearchHook: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce

O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [You've Got Mail] C:\Program Files\You've Got Mail\You've Got Mail.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .xfd: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/toolbar/rr-toolbar.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162954153812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/...cyprotector.cab

O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll

O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

 

 

Thanks so much

Rich


  • Run HijackThis, choose "Do a system scan only" and checkmark the box next to the following entries.

      R3 - URLSearchHook: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)
      O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/toolbar/rr-toolbar.cab
      O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/...cyprotector.cab
      O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)

  • Close all other windows and browsers, then click "Fix Checked".

 

Please reboot and post a fresh HijackThis log.

 

Can you change your desktop now? If not what kind of picture is stuck there is it this one Christmas Eve Brkfst 06.bmp ?

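Added example, written for this page and not part of the original thread or of the HijackThis tool: a small Python triage script that applies the reasoning behind the four checked entries to the log lines posted above. The sample log is copied from the log in this thread; the trusted-host list, the "bare file name" test for O23 services and the other flagging rules are assumptions chosen for the example, not HijackThis's own logic.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example).

Parses the "<section> - <body>" entry shape used by HijackThis and flags the
kinds of entries a helper would normally ask the poster to "Fix Checked":
dead search hooks, unnamed or unexpected downloaded ActiveX controls, and
services with an unknown owner whose binary is a bare, missing file name.
All rules are heuristics assumed for this example.
"""
import re
from urllib.parse import urlparse

# Hosts from which a downloaded ActiveX control (O16 - DPF) is expected on
# this machine. Assumption for the example: Microsoft and the online scanners
# the poster had run.
TRUSTED_DPF_HOSTS = {
    "support.f-secure.com",
    "download.bitdefender.com",
    "update.microsoft.com",
    "acs.pandasoftware.com",
}

# Entry lines copied from the log posted above (plus two clean ones for
# contrast); the process list and header lines are deliberately not entries.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {9285901C-2731-4E57-8F17-6B016168CA98} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/toolbar/rr-toolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162954153812
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/...cyprotector.cab
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<type>[RFNO]\d+)\s+-\s+(?P<body>.*)$")


def parse_line(line):
    """Split an entry into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("type"), m.group("body")) if m else None


def dpf_host(body):
    """Host an O16 DPF entry downloads its .cab from, or None."""
    m = re.search(r"https?://\S+", body)
    return urlparse(m.group(0)).hostname.lower() if m else None


def flag_entry(line):
    """Return a reason string if the entry looks worth fixing, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    kind, body = parsed

    # A search hook with no backing file does nothing useful; it is only a
    # hijack slot waiting to be re-pointed.
    if kind == "R3" and "(no file)" in body:
        return "URLSearchHook with no backing file"

    # Downloaded ActiveX controls: flag any host not on the expected list and
    # any control HijackThis shows without a friendly name in parentheses.
    if kind == "O16":
        host = dpf_host(body)
        unnamed = re.search(r"\}\s+\(", body) is None
        if host not in TRUSTED_DPF_HOSTS or unnamed:
            return f"ActiveX control from unexpected or unnamed source: {host}"

    # Services: "Unknown owner" plus a missing binary given as a bare file
    # name (no drive letter) is the shape of a leftover malware service.
    # A full path under Program Files that HijackThis could not resolve
    # (the quoted Linksys case above) is left for manual review instead.
    if kind == "O23" and "(file missing)" in body:
        path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "")
        path = path.strip().strip('"')
        if "Unknown owner" in body and not re.match(r"[A-Za-z]:\\", path):
            return "service with unknown owner and missing bare-name binary"
    return None


def triage(log_text):
    """Run flag_entry over every line; return [(line, reason), ...]."""
    hits = []
    for line in log_text.splitlines():
        reason = flag_entry(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"[{why}]\n    {entry}")
```

Run against the posted log the script flags exactly the four entries the helper asked to have fixed and leaves the F-Secure, Microsoft Update and Linksys entries alone; the Linksys service line shows why "(file missing)" on its own is not enough, since HijackThis also prints it when a quoted command line confuses its path parsing.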

Here's the new log. I think it is fixed. Thanks!

 

Logfile of HijackThis v1.99.1

Scan saved at 8:21:58 AM, on 7/3/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\MSN\MSNIA\dslmon.exe

C:\WINNT\Mixer.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\You've Got Mail\You've Got Mail.EXE

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.equibase.com/static/entry/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HILLPROXY.HILL.AFMC.DS.AF.MIL:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce

O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [You've Got Mail] C:\Program Files\You've Got Mail\You've Got Mail.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Startup: Launch Internet Explorer Browser (2).lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - Startup: Launch Microsoft Office Outlook (2).lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

O4 - Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .xfd: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162954153812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll

O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

Share this post


Link to post
Share on other sites

Glad to hear your computer is running better. :thumbsup:

 

I notice you have put Outlook and Internet Explorer in your startup. I am not sure how safe that is. It would be better to launch them from the icon after your anti-virus and firewall have had time to load, but it is up to you.

 

Below I have included a couple of recommendations for how to protect your computer in order to prevent future malware infections.

 

  • Please make sure to run your antivirus software regularly, and to keep it up-to-date.

      If your subscription has expired, let me know and I can recommend some alternatives.

  • If you do not already have one, consider maintaining a firewall.

  • Please also read Tony Klein's excellent article: How I got Infected in the First Place


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
