EngravEER

WinXp / Large Amount Of Hijacked Domains

18 posts in this topic

Greetings from Martinsburg, WV USA:

 

Came home from work to find an apologetic wife and an infected Dell XPS 410 desktop PC running Windows XP. She had clicked on a video link on a news site and that's all it took. Entering google.com now takes you to the Google Netherlands site. Trying to access gmail gives a security warning. Had been running Avira Antivirus but the infection will not let me update and run that program.

 

I have read the FAQ.

 

I downloaded and ran Spybot, Malwarebytes and HijackThis v 2.0.2. Logs are attached for both MB and HJT.

 

Scan in Spybot showed two infections...

 

Fraud.WindowsProtection Suite - Malware/15 entries

Microsoft.Windows.RedirectedHosts - SecurityC/3 entries

 

When I go to fix these infections in Spybot, I get a message saying, "Unexpected error in fixing problems (cannot create file). c:\windows\system32\drivers\etc\hosts access is denied"

 

Upon opening and running HJT, I get this message, "For some reason your system denied access to the Hosts file. You have a particularly large amount of hijacked domains."

 

Thanks in advance for any help you can provide!

 

Rick

 

 

Logs are as follows...

 

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.42

Database version: 3331

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/9/2009 10:27:55 AM

mbam-log-2009-12-09 (10-27-55).txt

 

Scan type: Quick Scan

Objects scanned: 150567

Time elapsed: 10 minute(s), 46 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\neochronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

**********************************************************************************************

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:31:19 AM, on 12/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Spb Backup\SpbBackupSync.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 93.174.89.12 google.ae

O1 - Hosts: 93.174.89.12 google.as

O1 - Hosts: 93.174.89.12 google.at

O1 - Hosts: 93.174.89.12 google.az

O1 - Hosts: 93.174.89.12 google.ba

O1 - Hosts: 93.174.89.12 google.be

O1 - Hosts: 93.174.89.12 google.bg

O1 - Hosts: 93.174.89.12 google.bs

O1 - Hosts: 93.174.89.12 google.ca

O1 - Hosts: 93.174.89.12 google.cd

O1 - Hosts: 93.174.89.12 google.com.gh

O1 - Hosts: 93.174.89.12 google.com.hk

O1 - Hosts: 93.174.89.12 google.com.jm

O1 - Hosts: 93.174.89.12 google.com.mx

O1 - Hosts: 93.174.89.12 google.com.my

O1 - Hosts: 93.174.89.12 google.com.na

O1 - Hosts: 93.174.89.12 google.com.nf

O1 - Hosts: 93.174.89.12 google.com.ng

O1 - Hosts: 93.174.89.12 google.ch

O1 - Hosts: 93.174.89.12 google.com.np

O1 - Hosts: 93.174.89.12 google.com.pr

O1 - Hosts: 93.174.89.12 google.com.qa

O1 - Hosts: 93.174.89.12 google.com.sg

O1 - Hosts: 93.174.89.12 google.com.tj

O1 - Hosts: 93.174.89.12 google.com.tw

O1 - Hosts: 93.174.89.12 google.dj

O1 - Hosts: 93.174.89.12 google.de

O1 - Hosts: 93.174.89.12 google.dk

O1 - Hosts: 93.174.89.12 google.dm

O1 - Hosts: 93.174.89.12 google.ee

O1 - Hosts: 93.174.89.12 google.fi

O1 - Hosts: 93.174.89.12 google.fm

O1 - Hosts: 93.174.89.12 google.fr

O1 - Hosts: 93.174.89.12 google.ge

O1 - Hosts: 93.174.89.12 google.gg

O1 - Hosts: 93.174.89.12 google.gm

O1 - Hosts: 93.174.89.12 google.gr

O1 - Hosts: 93.174.89.12 google.ht

O1 - Hosts: 93.174.89.12 google.ie

O1 - Hosts: 93.174.89.12 google.im

O1 - Hosts: 93.174.89.12 google.in

O1 - Hosts: 93.174.89.12 google.it

O1 - Hosts: 93.174.89.12 google.ki

O1 - Hosts: 93.174.89.12 google.la

O1 - Hosts: 93.174.89.12 google.li

O1 - Hosts: 93.174.89.12 google.lv

O1 - Hosts: 93.174.89.12 google.ma

O1 - Hosts: 93.174.89.12 google.ms

O1 - Hosts: 93.174.89.12 google.mu

O1 - Hosts: 93.174.89.12 google.mw

O1 - Hosts: 93.174.89.12 google.nl

O1 - Hosts: 93.174.89.12 google.no

O1 - Hosts: 93.174.89.12 google.nr

O1 - Hosts: 93.174.89.12 google.nu

O1 - Hosts: 93.174.89.12 google.pl

O1 - Hosts: 93.174.89.12 google.pn

O1 - Hosts: 93.174.89.12 google.pt

O1 - Hosts: 93.174.89.12 google.ro

O1 - Hosts: 93.174.89.12 google.ru

O1 - Hosts: 93.174.89.12 google.rw

O1 - Hosts: 93.174.89.12 google.sc

O1 - Hosts: 93.174.89.12 google.se

O1 - Hosts: 93.174.89.12 google.sh

O1 - Hosts: 93.174.89.12 google.si

O1 - Hosts: 93.174.89.12 google.sm

O1 - Hosts: 93.174.89.12 google.sn

O1 - Hosts: 93.174.89.12 google.st

O1 - Hosts: 93.174.89.12 google.tl

O1 - Hosts: 93.174.89.12 google.tm

O1 - Hosts: 93.174.89.12 google.tt

O1 - Hosts: 93.174.89.12 google.us

O1 - Hosts: 93.174.89.12 google.vu

O1 - Hosts: 93.174.89.12 google.ws

O1 - Hosts: 93.174.89.12 google.co.ck

O1 - Hosts: 93.174.89.12 google.co.id

O1 - Hosts: 93.174.89.12 google.co.il

O1 - Hosts: 93.174.89.12 google.co.in

O1 - Hosts: 93.174.89.12 google.co.jp

O1 - Hosts: 93.174.89.12 google.co.kr

O1 - Hosts: 93.174.89.12 google.co.ls

O1 - Hosts: 93.174.89.12 google.co.ma

O1 - Hosts: 93.174.89.12 google.co.nz

O1 - Hosts: 93.174.89.12 google.co.tz

O1 - Hosts: 93.174.89.12 google.co.ug

O1 - Hosts: 93.174.89.12 google.co.uk

O1 - Hosts: 93.174.89.12 google.co.za

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: Spb Backup Sync.lnk = C:\Program Files\Spb Backup\SpbBackupSync.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183553476281

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://trax.nfocus.com/AppSupport/arview2.cab

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 12471 bytes

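The O1 lines in the log above are the hijack itself: two addresses absorbing dozens of Google country domains plus safe-browsing, update and security-vendor payment sites, so the machine cannot reach help or updates. As an added example (not code from the thread or any tool named in it), here is a small Python audit that parses either a raw Windows hosts file or HijackThis "O1 - Hosts:" lines, ignores the normal localhost and ad-block mappings, and groups the remaining names by the address they are redirected to; the threshold for calling an address a mass redirect is an assumption, and the sample input is constructed from a few entries of the log above.

```python
"""Audit a Windows hosts file (or HijackThis O1 lines) for redirection hijacks.

Added example, not code from the thread. Input may be raw hosts-file text
or the "O1 - Hosts: <ip> <name>" lines HijackThis prints; the sample below
is constructed from a few entries of the log above.
"""
import ipaddress
import re
from collections import defaultdict

# Strips the HijackThis prefix so O1 lines parse like plain hosts lines.
_O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Assumed threshold: this many names pointed at one address is treated as
# a mass redirect (the log above has roughly 100 names on two IPs).
MASS_REDIRECT_THRESHOLD = 5


def parse_hosts_entries(text):
    """Return (ip, hostname) string pairs; comments and junk lines are skipped.

    A line with several hostnames after the IP yields one pair per name.
    """
    entries = []
    for raw in text.splitlines():
        line = _O1_PREFIX.sub("", raw).split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP: ignore the line
        for name in fields[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def is_redirect(ip_text):
    """True when the mapping sends traffic off the local host.

    127.0.0.1, 0.0.0.0 and ::1 are the normal localhost / ad-block
    mappings; any other address means the name is being redirected.
    """
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_loopback or ip.is_unspecified)


def audit_hosts(text):
    """Group redirected names by target IP and flag mass-redirect addresses."""
    redirected = [(ip, name) for ip, name in parse_hosts_entries(text)
                  if is_redirect(ip)]
    by_ip = defaultdict(list)
    for ip, name in redirected:
        by_ip[ip].append(name)
    return {
        "redirected": redirected,
        "by_ip": dict(by_ip),
        "mass_redirect_ips": sorted(
            ip for ip, names in by_ip.items()
            if len(names) >= MASS_REDIRECT_THRESHOLD),
    }


# Constructed sample: a header comment, benign localhost / ad-block lines,
# one junk line, then entries taken from the HijackThis log in the first post.
SAMPLE = """\
# constructed header comment
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example   # constructed ad-block entry, benign
this is not a hosts line
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 93.174.89.12 google.ca
O1 - Hosts: 93.174.89.12 google.de
O1 - Hosts: 93.174.89.12 google.fr
O1 - Hosts: 93.174.89.12 google.nl
O1 - Hosts: 93.174.89.12 google.co.uk
"""


if __name__ == "__main__":
    report = audit_hosts(SAMPLE)
    for ip, names in sorted(report["by_ip"].items()):
        flag = " <-- mass redirect" if ip in report["mass_redirect_ips"] else ""
        print(f"{ip}: {len(names)} name(s){flag}")
        for name in names:
            print(f"    {name}")
```

Run against a real machine by reading C:\WINDOWS\system32\drivers\etc\hosts into `audit_hosts`; a clean file yields no redirected entries at all, so anything reported deserves a look.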

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi, and Welcome to SWI

 

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

 

Download HostsXpert from here: http://www.funkytoad.com/download/HostsXpert.zip

Extract the file HostsXpert.exe to your Desktop and run it.

Click 'Restore MS Hosts file' and press 'OK'

Exit Program.

Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 

Download "SUPERAntiSpyware Free Edition" from this link:

http://www.superantispyware.com/download.html

 

Install and update the scanner.

 

Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window, select all your drives). Select "Perform Complete Scan" (in the right window). Click "next".

 

The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.

 

Open the scanner again. Click "preferences" -> "statistics/logs". Mark the log. Click "View log", and copy the content of this log into your next reply along with a new HijackThis log.

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.googl...back.html?hl=en

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:

C:\Program Files\Spb Backup\SpbBackupSync.exe

 

Please post a new HijackThis log, the log from MBAM, the log from Security Check (checkup.txt), the results from scanning the file at VirusTotal, and in a second reply (so nothing is cut off by the maximum post length) the log from SUPERAntiSpyware, and note any errors encountered.


Hi EngravEER, and Welcome to SWI

 

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

 

Download HostsXpert from here: http://www.funkytoad.com/download/HostsXpert.zip

Extract the file HostsXpert.exe to your Desktop and run it.

Click 'Restore MS Hosts file' and press 'OK'

Exit Program.

Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.googl...back.html?hl=en

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com

DDS.scr

DDS.pif

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When DDS has finished scanning, you will save two files, dds.txt and attach.txt
  • Please post both logs in your next reply
  • Close the program window, and delete the program from your desktop.

 

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:

C:\Program Files\Spb Backup\SpbBackupSync.exe

 

Please post a new HijackThis log, the log from MBAM, the results from scanning the file at VirusTotal, and in a second reply (so nothing is cut off by the maximum post length) please post the contents of dds.txt from running DDS, and in a third reply, the contents of attach.txt.



Mr./Ms. Joker:

 

Thank you very much for replying and for working with me on this problem. You were always one of my favorite characters on the 1960's "Batman" sitcom :-)

 

You posted two replies back-to-back so I'm a little confused on which I should work from. The initial steps are the same in each though, so I'm going from your first post (the one from 6:24am my time).

 

I downloaded and ran HostsXpert from my Desktop. When I click on "Restore MS Hosts file" and press "OK", I'm immediately greeted with the message "ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts". I know how important it is to do everything in the EXACT order you specify, so upon encountering that error message, I stopped and am now making this post to see how you want me to handle this error message. Do I just continue on with the other steps you outlined, or do you want me to do something else?

 

Will wait to hear back. Thanks.


My apologies. I was editing and didn't realize that the first version had posted. Here are new instructions; really it's simply the second set of instructions I posted, with the first part (running HostsXpert) being done in Safe Mode, and if there's an error simply skipping that step (at any point).

 

Since you already have HostsXpert downloaded, there's no need to download it again.

 

Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.

If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

 

Double-click on HostsXpert.exe on your Desktop to run it.

Click 'Restore MS Hosts file' and press 'OK'

Exit Program.

Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

If there is an error here, simply continue to the next step (rebooting).

 

Now reboot your system.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.googl...back.html?hl=en

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com

DDS.scr

DDS.pif

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When DDS has finished scanning, you will save two files, dds.txt and attach.txt
  • Please post both logs in your next reply
  • Close the program window, and delete the program from your desktop.

 

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:

C:\Program Files\Spb Backup\SpbBackupSync.exe

 

Please post a new HijackThis log, the log from MBAM, the results from scanning the file at VirusTotal, and in a second reply (so nothing is cut off by the maximum post length) please post the contents of dds.txt from running DDS, and in a third reply, the contents of attach.txt.


My apologies. I was editing and didn't realize that the first version had posted. Here's new instructions; really it's simply the second set of instructions I posted with the first part (running HostsXpert) being done in Safe mode, and if there's an error simply skipping that step (at any point).

 

Since you already have HostsXpert downloaded, there's no need to download it again.

 

Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.

If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

 

Double-click on HostsXpert.exe on your Desktop to run it.

Click 'Restore MS Hosts file' and press 'OK'

Exit Program.

Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

If there is an error here, simply continue to the next step (rebooting).

 

Now reboot your system.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.googl...back.html?hl=en

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com

DDS.scr

DDS.pif

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • When DDS has finished scanning, you will save two files, dds.txt and attach.txt
  • Please post both logs in your next reply
  • Close the program window, and delete the program from your desktop.

 

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:

C:\Program Files\Spb Backup\SpbBackupSync.exe

 

Please post a new HijackThis log, the log from MBAM, the results from scanning the file at VirusTotal, and in a second reply (so nothing is cut off by the maximum post length) please post the contents of dds.txt from running DDS, and in a third reply, the contents of attach.txt.
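The hosts-file step above (restoring the Microsoft hosts file, with the caveat about custom entries) is easy to reason about once the mappings are grouped by target address: a legitimate hosts file maps names to 127.0.0.1, while a hijack maps many unrelated names to one foreign address. The script below is an added example for this thread, not code from HostsXpert, HijackThis or the poster. It parses hosts-file text (the same mappings HijackThis prints as O1 lines), flags non-loopback targets, addresses that absorb many names, redirected Google country domains and redirected security hosts (urs.microsoft.com serves IE's SmartScreen/phishing filter, safebrowsing-cache.google.com serves Safe Browsing), and produces a cleaned copy that keeps a user's own 127.0.0.1 entries. SAMPLE_HOSTS is constructed from a subset of the O1 lines in the log posted in this thread; SECURITY_SUFFIXES is an assumed, illustrative list.

```python
"""Triage a Windows hosts file for hijack entries.

Added example for this thread, not part of it and not code from HostsXpert
or HijackThis. Given hosts-file text (the mappings HijackThis shows as O1
lines) it reports:
  * every mapping whose target is not a loopback address,
  * foreign addresses that absorb many unrelated names (bulk redirect),
  * redirected Google country domains (search hijack) and redirected
    security-update hosts (urs.microsoft.com feeds IE's SmartScreen/phishing
    filter, safebrowsing-cache.google.com feeds Safe Browsing),
and returns a cleaned copy with the foreign mappings removed.
SAMPLE_HOSTS is constructed from a subset of the thread's O1 entries;
SECURITY_SUFFIXES is an assumed, illustrative list.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample (subset of the thread's O1 lines plus the stock header).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
93.174.89.12 google.ae
93.174.89.12 google.com.mx
93.174.89.12 google.co.uk
93.174.89.12 google.nl
"""

# Assumed list: hosts whose redirection blinds updaters or browser filters.
SECURITY_SUFFIXES = ("microsoft.com", "google.com", "avira.com", "malwarebytes.org")
# google.<cc>, google.com.<cc>, google.co.<cc>: the search-redirect pattern.
GOOGLE_CCTLD = re.compile(r"^(www\.)?google\.(com\.|co\.)?[a-z]{2,3}$")


def parse_hosts(text):
    """Yield (ip_address, hostname) for each mapping; comments, blank and
    malformed lines are skipped. One line may carry several hostnames."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            yield ip, name.lower()


def triage_hosts(text, min_names_per_ip=3):
    """Classify the mappings in `text`; see the module docstring."""
    by_ip = defaultdict(list)
    non_loopback = []
    for ip, name in parse_hosts(text):
        by_ip[ip].append(name)
        if not ip.is_loopback:
            non_loopback.append((str(ip), name))
    return {
        "non_loopback": non_loopback,
        "bulk_targets": {str(ip): names for ip, names in by_ip.items()
                         if not ip.is_loopback and len(names) >= min_names_per_ip},
        "redirected_search": [n for _, n in non_loopback if GOOGLE_CCTLD.match(n)],
        "redirected_security": [n for _, n in non_loopback if n.endswith(SECURITY_SUFFIXES)],
    }


def strip_hijack(text):
    """Return the hosts text with every non-loopback mapping dropped and
    comments plus loopback lines kept, so a user's own 127.0.0.1 blocklist
    survives (unlike a wholesale restore of the stock file)."""
    kept = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            try:
                ip = ipaddress.ip_address(parts[0])
            except ValueError:
                ip = None
            if ip is not None and not ip.is_loopback:
                continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    report = triage_hosts(SAMPLE_HOSTS)
    for ip, names in report["bulk_targets"].items():
        print(f"{ip} absorbs {len(names)} names, e.g. {names[:3]}")
    print("search redirects:", report["redirected_search"])
    print("security hosts redirected:", report["redirected_security"])
```

The script reads and returns text only; it deliberately never writes the hosts file. On this machine the write was refused even in Safe Mode, which points at something beyond the read-only attribute (an ACL change on the file, or a process or filter holding it open), and that refusal is itself a finding worth keeping in the notes rather than working around blindly.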

Joker:

 

Booted into Safe Mode and ran HostsXpert. Same result as before... "ERROR: Cannot create file C:\WINDOWS\...\hosts".

Rebooted regularly, ran MB... nothing found.

Ran HJT, system scan only... found those two entries, checked, clicked "Fix Checked"... done.

Remaining steps, per your instructions.

 

HJT log, MB log & scanning results from VirusTotal attached below. dds.txt in next post. Contents of attach.txt in third post.

 

Thank you :-)

 

 

HJT Log...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:19:07 AM, on 12/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\dvd43\dvd43_tray.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Spb Backup\SpbBackupSync.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 93.174.89.12 google.ae

O1 - Hosts: 93.174.89.12 google.as

O1 - Hosts: 93.174.89.12 google.at

O1 - Hosts: 93.174.89.12 google.az

O1 - Hosts: 93.174.89.12 google.ba

O1 - Hosts: 93.174.89.12 google.be

O1 - Hosts: 93.174.89.12 google.bg

O1 - Hosts: 93.174.89.12 google.bs

O1 - Hosts: 93.174.89.12 google.ca

O1 - Hosts: 93.174.89.12 google.cd

O1 - Hosts: 93.174.89.12 google.com.gh

O1 - Hosts: 93.174.89.12 google.com.hk

O1 - Hosts: 93.174.89.12 google.com.jm

O1 - Hosts: 93.174.89.12 google.com.mx

O1 - Hosts: 93.174.89.12 google.com.my

O1 - Hosts: 93.174.89.12 google.com.na

O1 - Hosts: 93.174.89.12 google.com.nf

O1 - Hosts: 93.174.89.12 google.com.ng

O1 - Hosts: 93.174.89.12 google.ch

O1 - Hosts: 93.174.89.12 google.com.np

O1 - Hosts: 93.174.89.12 google.com.pr

O1 - Hosts: 93.174.89.12 google.com.qa

O1 - Hosts: 93.174.89.12 google.com.sg

O1 - Hosts: 93.174.89.12 google.com.tj

O1 - Hosts: 93.174.89.12 google.com.tw

O1 - Hosts: 93.174.89.12 google.dj

O1 - Hosts: 93.174.89.12 google.de

O1 - Hosts: 93.174.89.12 google.dk

O1 - Hosts: 93.174.89.12 google.dm

O1 - Hosts: 93.174.89.12 google.ee

O1 - Hosts: 93.174.89.12 google.fi

O1 - Hosts: 93.174.89.12 google.fm

O1 - Hosts: 93.174.89.12 google.fr

O1 - Hosts: 93.174.89.12 google.ge

O1 - Hosts: 93.174.89.12 google.gg

O1 - Hosts: 93.174.89.12 google.gm

O1 - Hosts: 93.174.89.12 google.gr

O1 - Hosts: 93.174.89.12 google.ht

O1 - Hosts: 93.174.89.12 google.ie

O1 - Hosts: 93.174.89.12 google.im

O1 - Hosts: 93.174.89.12 google.in

O1 - Hosts: 93.174.89.12 google.it

O1 - Hosts: 93.174.89.12 google.ki

O1 - Hosts: 93.174.89.12 google.la

O1 - Hosts: 93.174.89.12 google.li

O1 - Hosts: 93.174.89.12 google.lv

O1 - Hosts: 93.174.89.12 google.ma

O1 - Hosts: 93.174.89.12 google.ms

O1 - Hosts: 93.174.89.12 google.mu

O1 - Hosts: 93.174.89.12 google.mw

O1 - Hosts: 93.174.89.12 google.nl

O1 - Hosts: 93.174.89.12 google.no

O1 - Hosts: 93.174.89.12 google.nr

O1 - Hosts: 93.174.89.12 google.nu

O1 - Hosts: 93.174.89.12 google.pl

O1 - Hosts: 93.174.89.12 google.pn

O1 - Hosts: 93.174.89.12 google.pt

O1 - Hosts: 93.174.89.12 google.ro

O1 - Hosts: 93.174.89.12 google.ru

O1 - Hosts: 93.174.89.12 google.rw

O1 - Hosts: 93.174.89.12 google.sc

O1 - Hosts: 93.174.89.12 google.se

O1 - Hosts: 93.174.89.12 google.sh

O1 - Hosts: 93.174.89.12 google.si

O1 - Hosts: 93.174.89.12 google.sm

O1 - Hosts: 93.174.89.12 google.sn

O1 - Hosts: 93.174.89.12 google.st

O1 - Hosts: 93.174.89.12 google.tl

O1 - Hosts: 93.174.89.12 google.tm

O1 - Hosts: 93.174.89.12 google.tt

O1 - Hosts: 93.174.89.12 google.us

O1 - Hosts: 93.174.89.12 google.vu

O1 - Hosts: 93.174.89.12 google.ws

O1 - Hosts: 93.174.89.12 google.co.ck

O1 - Hosts: 93.174.89.12 google.co.id

O1 - Hosts: 93.174.89.12 google.co.il

O1 - Hosts: 93.174.89.12 google.co.in

O1 - Hosts: 93.174.89.12 google.co.jp

O1 - Hosts: 93.174.89.12 google.co.kr

O1 - Hosts: 93.174.89.12 google.co.ls

O1 - Hosts: 93.174.89.12 google.co.ma

O1 - Hosts: 93.174.89.12 google.co.nz

O1 - Hosts: 93.174.89.12 google.co.tz

O1 - Hosts: 93.174.89.12 google.co.ug

O1 - Hosts: 93.174.89.12 google.co.uk

O1 - Hosts: 93.174.89.12 google.co.za

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: Spb Backup Sync.lnk = C:\Program Files\Spb Backup\SpbBackupSync.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183553476281

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://trax.nfocus.com/AppSupport/arview2.cab

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 12204 bytes

 

 

MB Log...

 

Malwarebytes' Anti-Malware 1.42

Database version: 3363

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/15/2009 12:51:14 AM

mbam-log-2009-12-15 (00-51-14).txt

 

Scan type: Quick Scan

Objects scanned: 151313

Time elapsed: 10 minute(s), 38 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

VirusTotal text...

 

File SpbBackupSync.exe received on 2009.12.15 06:12:22 (UTC)


Result: 0/41 (0%)

Antivirus Version Last Update Result

a-squared 4.5.0.43 2009.12.15 -

AhnLab-V3 5.0.0.2 2009.12.15 -

AntiVir 7.9.1.108 2009.12.14 -

Antiy-AVL 2.0.3.7 2009.12.14 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.14 -

AVG 8.5.0.427 2009.12.14 -

BitDefender 7.2 2009.12.15 -

CAT-QuickHeal 10.00 2009.12.15 -

ClamAV 0.94.1 2009.12.15 -

Comodo 3248 2009.12.15 -

DrWeb 5.0.0.12182 2009.12.14 -

eSafe 7.0.17.0 2009.12.14 -

eTrust-Vet 35.1.7175 2009.12.14 -

F-Prot 4.5.1.85 2009.12.14 -

F-Secure 9.0.15370.0 2009.12.15 -

Fortinet 4.0.14.0 2009.12.15 -

GData 19 2009.12.15 -

Ikarus T3.1.1.74.0 2009.12.15 -

Jiangmin 13.0.900 2009.12.15 -

K7AntiVirus 7.10.920 2009.12.14 -

Kaspersky 7.0.0.125 2009.12.15 -

McAfee 5832 2009.12.14 -

McAfee+Artemis 5832 2009.12.14 -

McAfee-GW-Edition 6.8.5 2009.12.15 -

Microsoft 1.5302 2009.12.15 -

NOD32 4688 2009.12.15 -

Norman 6.04.03 2009.12.14 -

nProtect 2009.1.8.0 2009.12.15 -

Panda 10.0.2.2 2009.12.14 -

PCTools 7.0.3.5 2009.12.15 -

Prevx 3.0 2009.12.15 -

Rising 22.26.01.01 2009.12.15 -

Sophos 4.48.0 2009.12.15 -

Sunbelt 3.2.1858.2 2009.12.15 -

Symantec 1.4.4.12 2009.12.15 -

TheHacker 6.5.0.2.093 2009.12.15 -

TrendMicro 9.100.0.1001 2009.12.15 -

VBA32 3.12.12.0 2009.12.13 -

ViRobot 2009.12.15.2088 2009.12.15 -

VirusBuster 5.0.21.0 2009.12.14 -


dds.txt contents...

 

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by Rick Rohn at 1:06:24.68 on Tue 12/15/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1501 [GMT -5:00]

 

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Additional Guard *On-access scanning enabled* (Updated) {F31DD4F1-7C7B-466A-8ACD-1BA6EF903A58}

FW: Additional Guard *enabled* {975FD0D1-9183-45FA-8DD3-202E7420FA6D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\dvd43\dvd43_tray.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Spb Backup\SpbBackupSync.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Rick Rohn\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [sansaDispatch] c:\documents and settings\rick rohn\application data\sandisk\sansa updater\SansaDispatch.exe

mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spbbac~1.lnk - c:\program files\spb backup\SpbBackupSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183553476281

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://trax.nfocus.com/AppSupport/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - hxxp://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

IFEO: image file execution options - svchost.exe

IFEO: brastk.exe - svchost.exe

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

 

Note: multiple HOSTS entries found. Please refer to Attach.txt

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\rickro~1\applic~1\mozilla\firefox\profiles\ul0sxj74.default\

FF - prefs.js: browser.search.selectedEngine - search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\documents and settings\becca rohn\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\rick rohn\application data\move networks\plugins\npqmp071500000347.dll

FF - plugin: c:\documents and settings\rick rohn\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\rick rohn\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\rick rohn\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\rick rohn\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\rick rohn\application data\mozilla\firefox\profiles\ul0sxj74.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

 

============= SERVICES / DRIVERS ===============

 

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-2 55656]

S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-8 135664]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]

S4 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]

 

=============== Created Last 30 ================

 

2009-12-07 02:57:26 0 d-----w- c:\docume~1\rickro~1\applic~1\Malwarebytes

2009-12-07 01:53:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-07 01:53:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-07 01:53:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-07 01:53:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-12-06 23:28:48 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WIEASIOFLDNAG

2009-12-06 23:28:10 0 d-sh--w- c:\docume~1\alluse~1\applic~1\2224c41

2009-11-20 05:41:14 54156 ---ha-w- c:\windows\QTFont.qfn

2009-11-20 05:41:14 1409 ----a-w- c:\windows\QTFont.for

 

==================== Find3M ====================

 

2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-08-13 01:56:08 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-05-13 05:26:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051320080514\index.dat

2009-03-23 23:45:34 32768 --sha-w- c:\windows\temp\cookies\index.dat

2009-03-24 00:19:09 81920 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-03-24 00:23:23 376832 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 1:06:46.63 ===============

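Two things in the dds.txt above deserve more attention than the hosts entries: the two IFEO lines (brastk.exe and the Image File Execution Options key itself, both pointing at svchost.exe) and the two hidden+system directories created under All Users\Application Data at 23:28 on 2009-12-06, within a minute of each other and about two hours before Malwarebytes was installed. The script below is an added example for this thread, not code from the DDS tool or from either poster. It parses those sections, lists IFEO Debugger redirections, and clusters hidden+system objects by creation time so that a dropper's burst of files stands out from an old lone hidden file. Assumptions: a DDS IFEO line has the shape "IFEO: <image> - <Debugger value>" (a Debugger value under Image File Execution Options makes Windows start that program in place of the named image, which is how rogue antivirus blocks security tools), and a Created Last 30 / Find3M line has the shape "<date> <time> <size> <attrs> <path>" with d, s, h and a flags in the attrs token. SAMPLE_DDS is assembled from lines visible in the thread's dds.txt.

```python
"""Triage the dds.txt sections that matter in a rogue-antivirus cleanup.

Added example for this thread, not part of it and not code from the DDS
tool. Assumptions about the DDS line formats:
  * an IFEO line is  "IFEO: <image name> - <Debugger value>": a Debugger
    value under Image File Execution Options makes Windows start that
    program instead of the named image, which is how rogue AV keeps
    security tools from running;
  * a "Created Last 30" or "Find3M" line is  "<date> <time> <size> <attrs>
    <path>", where the attrs token carries d (directory), s (system),
    h (hidden) and a (archive) flags.
SAMPLE_DDS is assembled from lines visible in the thread's dds.txt.
"""
import re
from datetime import datetime

SAMPLE_DDS = r"""
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe

=============== Created Last 30 ================

2009-12-07 02:57:26 0 d-----w- c:\docume~1\rickro~1\applic~1\Malwarebytes
2009-12-07 01:53:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-06 23:28:48 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WIEASIOFLDNAG
2009-12-06 23:28:10 0 d-sh--w- c:\docume~1\alluse~1\applic~1\2224c41
2009-11-20 05:41:14 54156 ---ha-w- c:\windows\QTFont.qfn

==================== Find3M ====================

2009-08-13 01:56:08 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
"""

IFEO_RE = re.compile(r"^IFEO:\s+(.+?)\s+-\s+(\S+)$")
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([\w-]{8}) (.+)$")


def ifeo_entries(text):
    """Return [(image, debugger)] for every IFEO line in the log."""
    found = []
    for line in text.splitlines():
        m = IFEO_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def file_entries(text):
    """Parse every 'date time size attrs path' line into a dict."""
    items = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date, clock, size, attrs, path = m.groups()
        items.append({
            "when": datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "is_dir": attrs[0] == "d",
            "hidden": "h" in attrs,
            "system": "s" in attrs,
            "path": path,
        })
    return items


def triage_dds(text, window_minutes=30):
    """Flag IFEO Debugger redirections and hidden+system objects, then find
    the densest creation cluster among the latter: a dropper writes its
    files within minutes of each other, while an old lone hidden+system
    file (DRM, Windows itself) is usually benign and gets looked up, not
    deleted."""
    hidden_system = sorted(
        (e for e in file_entries(text) if e["hidden"] and e["system"]),
        key=lambda e: e["when"])
    clusters = []
    for e in hidden_system:
        gap = (e["when"] - clusters[-1][-1]["when"]).total_seconds() if clusters else None
        if gap is not None and gap <= window_minutes * 60:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    biggest = max(clusters, key=len) if clusters else []
    ifeo = ifeo_entries(text)
    return {
        "ifeo": ifeo,
        "ifeo_redirected_to_svchost": [img for img, dbg in ifeo if dbg.lower() == "svchost.exe"],
        "hidden_system_paths": [e["path"] for e in hidden_system],
        "drop_window": (biggest[0]["when"], biggest[-1]["when"]) if biggest else None,
        "drop_window_paths": [e["path"] for e in biggest],
    }


if __name__ == "__main__":
    r = triage_dds(SAMPLE_DDS)
    print("IFEO debugger hijacks:", r["ifeo_redirected_to_svchost"])
    print("drop window:", r["drop_window"])
    for p in r["drop_window_paths"]:
        print("  ", p)
```

On the sample, the drop window is the 38 seconds at 23:28 on 2009-12-06 and contains exactly the two random-named directories; the older hidden+system file from August falls outside it and should be identified before anything is deleted. The IFEO list is the more important output: as long as a Debugger value redirects a tool to svchost.exe, scanners started by name will silently fail, which matches the earlier report that Avira could not be updated or run.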

attach.txt contents...

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-12-01.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/16/2006 9:52:22 AM

System Uptime: 12/15/2009 12:33:24 AM (1 hours ago)

 

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 98 GiB total, 72.027 GiB free.

D: is CDROM ()

G: is Removable

H: is Removable

I: is FIXED (NTFS) - 36 GiB total, 33.119 GiB free.

J: is FIXED (NTFS) - 328 GiB total, 322.556 GiB free.

K: is FIXED (NTFS) - 47 GiB total, 46.012 GiB free.

L: is FIXED (NTFS) - 105 GiB total, 102.303 GiB free.

M: is FIXED (NTFS) - 314 GiB total, 310.706 GiB free.

N: is Removable

O: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP450: 9/17/2009 8:59:58 PM - System Checkpoint

RP451: 9/21/2009 9:39:13 PM - System Checkpoint

RP452: 9/23/2009 7:04:46 AM - System Checkpoint

RP453: 9/26/2009 11:36:56 AM - System Checkpoint

RP454: 9/27/2009 12:17:13 PM - System Checkpoint

RP455: 9/28/2009 12:59:02 PM - System Checkpoint

RP456: 9/29/2009 10:06:19 PM - System Checkpoint

RP457: 10/1/2009 10:13:48 AM - System Checkpoint

RP458: 10/2/2009 8:59:23 PM - System Checkpoint

RP459: 10/3/2009 8:59:50 PM - System Checkpoint

RP460: 10/4/2009 10:13:11 PM - System Checkpoint

RP461: 10/6/2009 1:05:19 AM - System Checkpoint

RP462: 10/7/2009 1:47:47 AM - System Checkpoint

RP463: 10/8/2009 1:59:47 AM - System Checkpoint

RP464: 10/9/2009 2:59:47 AM - System Checkpoint

RP465: 10/10/2009 3:59:47 AM - System Checkpoint

RP466: 10/11/2009 4:24:42 AM - System Checkpoint

RP467: 10/12/2009 5:35:37 AM - System Checkpoint

RP468: 10/13/2009 10:56:23 PM - System Checkpoint

RP469: 10/16/2009 7:06:30 AM - System Checkpoint

RP470: 10/17/2009 12:32:25 PM - Software Distribution Service 3.0

RP471: 10/18/2009 2:03:34 PM - System Checkpoint

RP472: 10/21/2009 9:41:01 AM - System Checkpoint

RP473: 10/22/2009 11:28:32 AM - System Checkpoint

RP474: 10/23/2009 12:29:30 PM - System Checkpoint

RP475: 10/24/2009 1:56:34 PM - System Checkpoint

RP476: 10/25/2009 2:03:01 PM - System Checkpoint

RP477: 10/26/2009 3:01:19 PM - System Checkpoint

RP478: 10/27/2009 9:57:00 PM - System Checkpoint

RP479: 10/30/2009 4:37:36 PM - System Checkpoint

RP480: 10/31/2009 5:56:34 PM - System Checkpoint

RP481: 11/1/2009 6:27:48 PM - System Checkpoint

RP482: 11/5/2009 8:12:32 AM - System Checkpoint

RP483: 11/6/2009 4:00:15 AM - Software Distribution Service 3.0

RP484: 11/7/2009 4:37:13 AM - System Checkpoint

RP485: 11/9/2009 1:59:30 AM - System Checkpoint

RP486: 11/10/2009 7:06:36 AM - System Checkpoint

RP487: 11/11/2009 3:00:21 AM - Software Distribution Service 3.0

RP488: 11/14/2009 9:07:09 AM - System Checkpoint

RP489: 11/16/2009 2:36:32 AM - System Checkpoint

RP490: 11/17/2009 2:44:36 AM - System Checkpoint

RP491: 11/18/2009 3:44:44 AM - System Checkpoint

RP492: 11/19/2009 7:03:11 AM - System Checkpoint

RP493: 11/19/2009 11:10:06 PM - Installed Java 6 Update 17

RP494: 11/21/2009 11:27:06 AM - System Checkpoint

RP495: 11/22/2009 12:43:04 PM - System Checkpoint

RP496: 11/23/2009 9:36:09 PM - System Checkpoint

RP497: 11/24/2009 10:20:03 PM - System Checkpoint

RP498: 11/25/2009 3:00:14 AM - Software Distribution Service 3.0

RP499: 11/26/2009 3:12:11 AM - System Checkpoint

RP500: 11/27/2009 4:01:02 AM - System Checkpoint

RP501: 11/30/2009 7:33:54 PM - System Checkpoint

RP502: 12/1/2009 7:40:21 PM - System Checkpoint

RP503: 12/2/2009 7:44:29 PM - System Checkpoint

RP504: 12/3/2009 8:14:15 PM - System Checkpoint

RP505: 12/4/2009 8:54:24 PM - System Checkpoint

RP506: 12/5/2009 9:18:59 PM - System Checkpoint

RP507: 12/6/2009 10:41:32 PM - System Checkpoint

RP508: 12/8/2009 12:16:24 AM - System Checkpoint

RP509: 12/9/2009 8:48:40 AM - System Checkpoint

RP510: 12/14/2009 11:14:37 AM - Software Distribution Service 3.0

 

==== Hosts File Hijack ======================

 

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Hosts: 74.125.45.100 secure-plus-payments.com

Hosts: 74.125.45.100 www.getantivirusplusnow.com

Hosts: 74.125.45.100 www.secure-plus-payments.com

Hosts: 74.125.45.100 www.getavplusnow.com

Hosts: 74.125.45.100 safebrowsing-cache.google.com

Hosts: 74.125.45.100 urs.microsoft.com

Hosts: 74.125.45.100 www.securesoftwarebill.com

Hosts: 74.125.45.100 secure.paysecuresystem.com

Hosts: 74.125.45.100 paysoftbillsolution.com

Hosts: 74.125.45.100 protected.maxisoftwaremart.com

Hosts: 93.174.89.12 google.ae

Hosts: 93.174.89.12 google.as

Hosts: 93.174.89.12 google.at

Hosts: 93.174.89.12 google.az

Hosts: 93.174.89.12 google.ba

Hosts: 93.174.89.12 google.be

Hosts: 93.174.89.12 google.bg

Hosts: 93.174.89.12 google.bs

Hosts: 93.174.89.12 google.ca

Hosts: 93.174.89.12 google.cd

Hosts: 93.174.89.12 google.com.gh

Hosts: 93.174.89.12 google.com.hk

Hosts: 93.174.89.12 google.com.jm

Hosts: 93.174.89.12 google.com.mx

Hosts: 93.174.89.12 google.com.my

Hosts: 93.174.89.12 google.com.na

Hosts: 93.174.89.12 google.com.nf

Hosts: 93.174.89.12 google.com.ng

Hosts: 93.174.89.12 google.ch

Hosts: 93.174.89.12 google.com.np

Hosts: 93.174.89.12 google.com.pr

Hosts: 93.174.89.12 google.com.qa

Hosts: 93.174.89.12 google.com.sg

Hosts: 93.174.89.12 google.com.tj

Hosts: 93.174.89.12 google.com.tw

Hosts: 93.174.89.12 google.dj

Hosts: 93.174.89.12 google.de

Hosts: 93.174.89.12 google.dk

Hosts: 93.174.89.12 google.dm

Hosts: 93.174.89.12 google.ee

Hosts: 93.174.89.12 google.fi

Hosts: 93.174.89.12 google.fm

Hosts: 93.174.89.12 google.fr

Hosts: 93.174.89.12 google.ge

Hosts: 93.174.89.12 google.gg

Hosts: 93.174.89.12 google.gm

Hosts: 93.174.89.12 google.gr

Hosts: 93.174.89.12 google.ht

Hosts: 93.174.89.12 google.ie

Hosts: 93.174.89.12 google.im

Hosts: 93.174.89.12 google.in

Hosts: 93.174.89.12 google.it

Hosts: 93.174.89.12 google.ki

Hosts: 93.174.89.12 google.la

Hosts: 93.174.89.12 google.li

Hosts: 93.174.89.12 google.lv

Hosts: 93.174.89.12 google.ma

Hosts: 93.174.89.12 google.ms

Hosts: 93.174.89.12 google.mu

Hosts: 93.174.89.12 google.mw

Hosts: 93.174.89.12 google.nl

Hosts: 93.174.89.12 google.no

Hosts: 93.174.89.12 google.nr

Hosts: 93.174.89.12 google.nu

Hosts: 93.174.89.12 google.pl

Hosts: 93.174.89.12 google.pn

Hosts: 93.174.89.12 google.pt

Hosts: 93.174.89.12 google.ro

Hosts: 93.174.89.12 google.ru

Hosts: 93.174.89.12 google.rw

Hosts: 93.174.89.12 google.sc

Hosts: 93.174.89.12 google.se

Hosts: 93.174.89.12 google.sh

Hosts: 93.174.89.12 google.si

Hosts: 93.174.89.12 google.sm

Hosts: 93.174.89.12 google.sn

Hosts: 93.174.89.12 google.st

Hosts: 93.174.89.12 google.tl

Hosts: 93.174.89.12 google.tm

Hosts: 93.174.89.12 google.tt

Hosts: 93.174.89.12 google.us

Hosts: 93.174.89.12 google.vu

Hosts: 93.174.89.12 google.ws

Hosts: 93.174.89.12 google.co.ck

Hosts: 93.174.89.12 google.co.id

Hosts: 93.174.89.12 google.co.il

Hosts: 93.174.89.12 google.co.in

Hosts: 93.174.89.12 google.co.jp

Hosts: 93.174.89.12 google.co.kr

Hosts: 93.174.89.12 google.co.ls

Hosts: 93.174.89.12 google.co.ma

Hosts: 93.174.89.12 google.co.nz

Hosts: 93.174.89.12 google.co.tz

Hosts: 93.174.89.12 google.co.ug

Hosts: 93.174.89.12 google.co.uk

Hosts: 93.174.89.12 google.co.za

Hosts: 93.174.89.12 google.co.zm

Hosts: 93.174.89.12 google.com

Hosts: 93.174.89.12 google.com.af

Hosts: 93.174.89.12 google.com.ag

Hosts: 93.174.89.12 google.com.ar

Hosts: 93.174.89.12 google.com.au

Hosts: 93.174.89.12 google.com.bn

Hosts: 93.174.89.12 google.com.br

Hosts: 93.174.89.12 google.com.by

Hosts: 93.174.89.12 google.com.bz

Hosts: 93.174.89.12 google.com.cu

Hosts: 93.174.89.12 google.com.ec

Hosts: 93.174.89.12 google.com.fj

Hosts: 93.174.89.12 www.google.ae

Hosts: 93.174.89.12 www.google.as

Hosts: 93.174.89.12 www.google.at

Hosts: 93.174.89.12 www.google.az

Hosts: 93.174.89.12 www.google.ba

Hosts: 93.174.89.12 www.google.be

Hosts: 93.174.89.12 www.google.bg

Hosts: 93.174.89.12 www.google.bs

Hosts: 93.174.89.12 www.google.ca

Hosts: 93.174.89.12 www.google.cd

Hosts: 93.174.89.12 www.google.com.gh

Hosts: 93.174.89.12 www.google.com.hk

Hosts: 93.174.89.12 www.google.com.jm

Hosts: 93.174.89.12 www.google.com.mx

Hosts: 93.174.89.12 www.google.com.my

Hosts: 93.174.89.12 www.google.com.na

Hosts: 93.174.89.12 www.google.com.nf

Hosts: 93.174.89.12 www.google.com.ng

Hosts: 93.174.89.12 www.google.ch

Hosts: 93.174.89.12 www.google.com.np

Hosts: 93.174.89.12 www.google.com.pr

Hosts: 93.174.89.12 www.google.com.qa

Hosts: 93.174.89.12 www.google.com.sg

Hosts: 93.174.89.12 www.google.com.tj

Hosts: 93.174.89.12 www.google.com.tw

Hosts: 93.174.89.12 www.google.dj

Hosts: 93.174.89.12 www.google.de

Hosts: 93.174.89.12 www.google.dk

Hosts: 93.174.89.12 www.google.dm

Hosts: 93.174.89.12 www.google.ee

Hosts: 93.174.89.12 www.google.fi

Hosts: 93.174.89.12 www.google.fm

Hosts: 93.174.89.12 www.google.fr

Hosts: 93.174.89.12 www.google.ge

Hosts: 93.174.89.12 www.google.gg

Hosts: 93.174.89.12 www.google.gm

Hosts: 93.174.89.12 www.google.gr

Hosts: 93.174.89.12 www.google.ht

Hosts: 93.174.89.12 www.google.ie

Hosts: 93.174.89.12 www.google.im

Hosts: 93.174.89.12 www.google.in

Hosts: 93.174.89.12 www.google.it

Hosts: 93.174.89.12 www.google.ki

Hosts: 93.174.89.12 www.google.la

Hosts: 93.174.89.12 www.google.li

Hosts: 93.174.89.12 www.google.lv

Hosts: 93.174.89.12 www.google.ma

Hosts: 93.174.89.12 www.google.ms

Hosts: 93.174.89.12 www.google.mu

Hosts: 93.174.89.12 www.google.mw

Hosts: 93.174.89.12 www.google.nl

Hosts: 93.174.89.12 www.google.no

Hosts: 93.174.89.12 www.google.nr

Hosts: 93.174.89.12 www.google.nu

Hosts: 93.174.89.12 www.google.pl

Hosts: 93.174.89.12 www.google.pn

Hosts: 93.174.89.12 www.google.pt

Hosts: 93.174.89.12 www.google.ro

Hosts: 93.174.89.12 www.google.ru

Hosts: 93.174.89.12 www.google.rw

Hosts: 93.174.89.12 www.google.sc

Hosts: 93.174.89.12 www.google.se

Hosts: 93.174.89.12 www.google.sh

Hosts: 93.174.89.12 www.google.si

Hosts: 93.174.89.12 www.google.sm

Hosts: 93.174.89.12 www.google.sn

Hosts: 93.174.89.12 www.google.st

Hosts: 93.174.89.12 www.google.tl

Hosts: 93.174.89.12 www.google.tm

Hosts: 93.174.89.12 www.google.tt

Hosts: 93.174.89.12 www.google.us

Hosts: 93.174.89.12 www.google.vu

Hosts: 93.174.89.12 www.google.ws

Hosts: 93.174.89.12 www.google.co.ck

Hosts: 93.174.89.12 www.google.co.id

Hosts: 93.174.89.12 www.google.co.il

Hosts: 93.174.89.12 www.google.co.in

Hosts: 93.174.89.12 www.google.co.jp

Hosts: 93.174.89.12 www.google.co.kr

Hosts: 93.174.89.12 www.google.co.ls

Hosts: 93.174.89.12 www.google.co.ma

Hosts: 93.174.89.12 www.google.co.nz

Hosts: 93.174.89.12 www.google.co.tz

Hosts: 93.174.89.12 www.google.co.ug

Hosts: 93.174.89.12 www.google.co.uk

Hosts: 93.174.89.12 www.google.co.za

Hosts: 93.174.89.12 www.google.co.zm

Hosts: 93.174.89.12 www.google.com

Hosts: 93.174.89.12 www.google.com.af

Hosts: 93.174.89.12 www.google.com.ag

Hosts: 93.174.89.12 www.google.com.ar

Hosts: 93.174.89.12 www.google.com.au

Hosts: 93.174.89.12 www.google.com.bn

Hosts: 93.174.89.12 www.google.com.br

Hosts: 93.174.89.12 www.google.com.by

Hosts: 93.174.89.12 www.google.com.bz

Hosts: 93.174.89.12 www.google.com.cu

Hosts: 93.174.89.12 www.google.com.ec

Hosts: 93.174.89.12 www.google.com.fj

Hosts: 93.174.89.12 google.com

Hosts: 93.174.89.12 www.google.com

Hosts: 93.174.89.12 bing.com

Hosts: 93.174.89.12 www.bing.com

Hosts: 93.174.89.12 search.yahoo.com

Hosts: 93.174.89.12 www.search.yahoo.com

Hosts: 93.174.89.12 search.live.com

Hosts: 93.174.89.12 search.msn.com

 

==== Installed Programs ======================

 

AC3Filter (remove only)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.3

Adobe Shockwave Player 11

Advanced Decoder Patch

AOLIcon

Avira AntiVir Personal - Free Antivirus

BeeLineGPS

CinepPlayer 30 Update

Compatibility Pack for the 2007 Office system

Core FTP LE 2.1

CorelDRAW Graphics Suite X3

CorePlayer Mobile for PocketPC Version 1.3.0.6213 (remove only)

Coupon Printer for Windows

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Driver Reset Tool

Dell Media Experience

Dell Support 3.2.1

Dell System Restore

DivX Web Player

Documentation & Support Launcher

DVD Decrypter (Remove Only)

DVD43 v3.9.0

EN

FontNav

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

ImgBurn

Intel® Matrix Storage Manager

Intel® PRO Network Connections

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 17

Java 6 Update 2

LG USB Modem Drivers

Malwarebytes' Anti-Malware

Microsoft .NET Compact Framework 3.5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Move Media Player

Mozilla Firefox (3.5.5)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Network Magic

Norton PartitionMagic

Norton PartitionMagic 8.0

NVIDIA Drivers

Ots Studio 1.1.1

OtsAV Pro 1.77.001

palmOne

Phone Dashboard

Pocket-DVD Studio(remove only)

Pocket Informant 8.51

QuickBooks Pro 2006

QuickTime

Resco Explorer

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Run.GPS 2.3.1

Sansa Updater

Seagate SeaTools English Online

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

SlingPlayer Mobile

Sonic Activation Module

Sonic Update Manager

Sound Blaster X-Fi

Spb Backup

Spb Backup 2.0

Spb Mobile DVD

Spectec SDIO WLAN-11g Card

Spelling Dictionaries Support For Adobe Reader 9

Sprint music manager

Spybot - Search & Destroy

TCPMP

Time Zone Data Update Tool for Microsoft Office Outlook

Treo 700wx User Guide

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB968220)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Manager

VBA

VC80CRTRedist - 8.0.50727.762

WebFldrs XP

Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)

Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows Media Player 11

Windows Mobile Daylight Saving Time 2007 Updates

Windows Presentation Foundation

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows Search 4.0

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Pack 1.0

XSitePro2

XviD MPEG-4 Video Codec

Yahoo! Install Manager

 

==== Event Viewer Messages From Past Week ========

 

12/15/2009 12:31:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

12/15/2009 12:31:59 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/15/2009 12:31:59 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/15/2009 12:31:59 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/15/2009 12:31:59 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/15/2009 12:30:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/15/2009 12:30:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/14/2009 11:19:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio

 

==== End Of File ===========================


Please use the Reply button to reply. It's easier to read (it doesn't quote the entire previous post). Thanks.

 

Go to Start > Control Panel > Add or Remove Programs and remove the following program:

Java™ 6 Update 2

 

Your Adobe Reader is outdated and vulnerable. Start Adobe Reader, go to Help > Check for Updates, and install any update found.

 

Open HijackThis:

  • Click the 'Open the Misc Tools section' button.
  • Click the 'Delete a file on reboot...' button.
  • In the window that opens, copy and paste the text below in the 'File name' field:
    C:\Windows\System32\Drivers\etc\HOSTS
  • Click the 'Open' button.
  • HijackThis will tell you that this file will be deleted when the system restarts and ask if you want to restart your system now.
  • Click Yes.
  • Your system should reboot now.
  • If your system does not automatically reboot, restart your system manually.

Double-click on HostsXpert.exe on your Desktop to run it.

Click 'Restore MS Hosts file' and press 'OK'.

Exit Program.

Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

If you receive an error, please let me know.

 

Launch Notepad (Start > Run > notepad), and copy/paste the contents of the box below into a new text file. Select "all files" in the "save as type" field. Save it as look.bat and save it on your Desktop.

 

@echo off
REM Remove any look.txt left over from an earlier run
if exist "%systemdrive%\look.txt" del "%systemdrive%\look.txt"
REM List both suspect folders (/x also shows 8.3 short names) and append to look.txt;
REM listing by path rather than cd'ing first means a missing folder reports "File Not Found"
REM instead of silently listing the previous directory
dir /x "%allusersprofile%\Application Data\WIEASIOFLDNAG" >> "%systemdrive%\look.txt"
dir /x "%allusersprofile%\Application Data\2224c41" >> "%systemdrive%\look.txt"
REM List hidden scheduled-task files
dir /a:h "%windir%\tasks" >> "%systemdrive%\look.txt"
start notepad "%systemdrive%\look.txt"

Locate look.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here and let me know if you are aware of what either folder is for (C:\Documents and Settings\All Users\Application Data\WIEASIOFLDNAG and C:\Documents and Settings\All Users\Application Data\2224c41).

 

In Internet Explorer, please run the BitDefender online scan at BitDefender.com

You will need to allow an ActiveX control to install for the scan to run.

Leave the scanning options at default and press "click here to scan"

When finished scanning, click on "click here to export the scan report"

Save it to your desktop, at "file name" type in "bdscan" then click save.

Please post the contents of the log in your next reply.

 

Download "SUPERAntiSpyware Free Edition" from this link:

http://www.superantispyware.com/download.html

 

Install and update the scanner.

 

Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window, select all your drives). Select "Perform Complete Scan" (in the right window). Click "next".

 

The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.

 

Restart your system.

 

Open the scanner again. Click "preferences" -> "statistics/logs". Mark the log. Click "View log", and copy the content of this log into your next reply.

 

Please post a new HijackThis log, the contents of C:\look.txt, the log from SUPERAntiSpyware, and in a second reply the log from BitDefender's online scan and note any errors encountered.

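The DDS "Hosts File Hijack" section in the log above and the HOSTS-file reset steps in the reply both come down to one check: which hosts-file entries point real hostnames somewhere other than loopback, and how many share the same target. The script below is an added example, not the forum's or any tool's code; its sample hosts text is constructed to mirror the shape of the log's entries, and SECURITY_HOSTS and WATCHED_PATTERNS are my own lists.

```python
"""Hosts-file hijack triage, modelled on what DDS reports above.

A stock Windows XP hosts file maps localhost to 127.0.0.1 and nothing else.
Blocklist-style custom entries point at 127.0.0.1 or 0.0.0.0. Anything that
points a hostname at a remote address is a redirect and deserves a look,
and many hostnames sharing one remote address is the hijack pattern seen
in the log above.
"""
from collections import defaultdict
from ipaddress import ip_address

# Hostnames that security tooling depends on (both appear in the log above);
# redirecting them breaks browser reputation checks. Assumed list, not a standard.
SECURITY_HOSTS = {
    "safebrowsing-cache.google.com",
    "urs.microsoft.com",
}
# Search-engine domains whose redirection sends users to a look-alike site.
WATCHED_PATTERNS = ("google.", "bing.com", "yahoo.com", "live.com", "msn.com")

# Constructed sample: a comment, the legitimate localhost line, one
# blocklist-style entry a user might add, and redirects shaped like the log's.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.invalid   # user's own ad-blocking entry
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
93.174.89.12 google.com
93.174.89.12 www.google.com
93.174.89.12 google.co.uk
93.174.89.12 bing.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring blank lines and comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ip_address(parts[0])
        except ValueError:
            continue  # not an address/hostname mapping; skip it
        for host in parts[1:]:
            yield str(ip), host.lower()


def is_sinkhole(ip):
    """Loopback or unspecified targets are blocklist entries, not redirects."""
    addr = ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def triage_hosts(text):
    """Return ({target_ip: sorted hostnames} for remote redirects,
    set of redirected hostnames that hit security or search domains)."""
    redirects = defaultdict(set)
    for ip, host in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        redirects[ip].add(host)
    flagged = {
        host
        for hosts in redirects.values()
        for host in hosts
        if host in SECURITY_HOSTS or any(p in host for p in WATCHED_PATTERNS)
    }
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}, flagged


def report(text):
    """Human-readable summary, largest redirect cluster first."""
    redirects, flagged = triage_hosts(text)
    lines = []
    for ip, hosts in sorted(redirects.items(), key=lambda kv: -len(kv[1])):
        lines.append(f"{ip}: {len(hosts)} hostname(s) redirected")
        for host in hosts:
            mark = " [security/search]" if host in flagged else ""
            lines.append(f"  {host}{mark}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_HOSTS))
```

Run it against a copy of the real file with `report(open(path).read())`; the helper's note about custom hosts files is exactly why loopback and 0.0.0.0 entries are left out of the redirect clusters.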

Joker:

 

Removed Java 6 Update 2

 

Updated Adobe Reader to current version

 

Ran HJT, set to delete HOSTS file on reboot

 

Rebooted

 

Ran HostsXpert.exe. Message IMMEDIATELY came up "Hosts file does not exist. Pres 'OK' to create Hosts file, cancel to quit." Clicked "OK". THEN clicked "Restore MS Hosts file" and pressed "OK".

 

Ran your little Notepad *.bat file without problem. I do NOT know what either folder is for (C:\Documents and Settings\All Users\Application Data\WIEASIOFLDNAG and C:\Documents and Settings\All Users\Application Data\2224c41).

 

Ran BitDefender Online Scanner and "SUPERAntiSpyware Free Edition" as instructed and generated log files. Rebooted per SASFE after the scan found and fixed numerous entries.

 

Ran HJT, generating a log which is posted below. Other logs requested follow in this post. BitDefender results posted in second reply per your request.

 

Respectfully submitted,

 

EngravEER

 

 

******************************************************************************

 

 

HJT Log...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:40:48 PM, on 12/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\dvd43\dvd43_tray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Spb Backup\SpbBackupSync.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Rick Rohn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: Spb Backup Sync.lnk = C:\Program Files\Spb Backup\SpbBackupSync.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://www.etoreports.com/viewer9/activeXViewer/activexviewer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183553476281

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://trax.nfocus.com/AppSupport/arview2.cab

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8950 bytes

 

 

****************************************************

 

 

look.txt contents...

 

Volume in drive C is Win XP Pro OS & Programs

Volume Serial Number is B891-CE69

 

Directory of C:\Documents and Settings\All Users\Application Data\WIEASIOFLDNAG

 

Volume in drive C is Win XP Pro OS & Programs

Volume Serial Number is B891-CE69

 

Directory of C:\Documents and Settings\All Users\Application Data\2224c41

 

12/06/2009 06:28 PM 330 3527.mof

12/06/2009 06:28 PM <DIR> BackUp

11/06/2009 02:57 PM 722,392 mozcrt19.dll

12/06/2009 06:28 PM <DIR> QUARAN~1 Quarantine Items

11/06/2009 02:57 PM 457,688 sqlite3.dll

12/06/2009 06:28 PM 2,256,896 WI2224.exe

12/06/2009 06:28 PM 4,286 WINAG.ico

12/06/2009 06:28 PM <DIR> WINAGSys

5 File(s) 3,441,592 bytes

3 Dir(s) 77,319,520,256 bytes free

Volume in drive C is Win XP Pro OS & Programs

Volume Serial Number is B891-CE69

 

Directory of C:\WINDOWS\tasks

 

08/04/2004 06:00 AM 65 desktop.ini

12/15/2009 10:35 AM 6 SA.DAT

2 File(s) 71 bytes

0 Dir(s) 77,319,520,256 bytes free

 

 

 

****************************************************

 

 

SUPERAntiSpyware log...

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/15/2009 at 12:34 PM

 

Application Version : 4.31.1000

 

Core Rules Database Version : 4374

Trace Rules Database Version: 2214

 

Scan type : Complete Scan

Total Scan Time : 00:31:02

 

Memory items scanned : 481

Memory threats detected : 0

Registry items scanned : 6980

Registry threats detected : 0

File items scanned : 29290

File threats detected : 305

 

Adware.Tracking Cookie


 

Rogue.Agent/Gen

C:\Documents and Settings\All Users\Application Data\2224C41

 

Rogue.Agent/Gen-Multi[W]

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\2224C41\WI2224.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0044163.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0044164.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0044165.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0044166.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045173.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045174.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045175.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045176.LNK

 

Trojan.Agent/Gen-Nullo[short]

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045177.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045178.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045179.DLL

M:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045181.EXE

M:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045182.EXE

M:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP506\A0045183.EXE


Joker:

 

BitDefender made me output the scan info as an HTML file. I thought that was somewhat strange so perhaps I did something wrong. Saved it as an HTML file, opened it in my browser and copied and pasted the contents to a text file as follows...

 

 

 

BitDefender Online Scanner

Scan report generated at: Tue, Dec 15, 2009 - 11:48:46

Scan path: C:\;D:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;N:\;O:\;

Statistics

Time: 00:56:12
Files: 352816
Folders: 11098
Boot Sectors: 0
Archives: 5471
Packed Files: 17964

Results

Identified Viruses: 4
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info

Virus Definitions: 4731111
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status

C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8=>myf/y/AppletX.class
  Infected with: Trojan.Generic.IS.614610
C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8=>myf/y/AppletX.class
  Deleted
C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8
  Updated

C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8=>myf/y/LoaderX.class
  Infected with: Trojan.Generic.IS.617631
C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8=>myf/y/LoaderX.class
  Deleted
C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8
  Updated

C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8=>myf/y/PayloadX.class
  Infected with: Trojan.Generic.IS.616012
C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8=>myf/y/PayloadX.class
  Deleted
C:\Documents and Settings\Rick Rohn\Application Data\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-6f3fc2d8
  Updated

C:\WINDOWS\CouponPrinter.ocx
  Detected with: Adware.Generic.53752
C:\WINDOWS\CouponPrinter.ocx
  Deleted


It looks like everything went fine. :D

Reconfigure Windows to show hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

Using Windows Explorer, delete the following folders if still there:

C:\Documents and Settings\All Users\Application Data\WIEASIOFLDNAG

C:\Documents and Settings\All Users\Application Data\2224C41

Now you need to hide the files you un-hid earlier:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading unselect "Show hidden files and folders".

Check the "Hide protected operating system files (recommended)" option.

Click Yes to confirm. Click OK.

BitDefender made me output the scan info as an HTML file. I thought that was somewhat strange so perhaps I did something wrong.

You didn't make an error; it creates the log as an HTML folder for formatting, but it pastes just fine. I see it found and deleted some malware in your Java cache, and deleted an adware related file.

Your scan showed one or more viruses in your Sun Java Runtime Environment (JRE) cache. Delete those by clearing the JRE cache.

To clear the Java Runtime Environment (JRE) cache:

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
    -The Java Control Panel appears.
  • Click Settings under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.
    • Applications and Applets
    • Trace and Log File.
  • Click OK on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
  • Close the Java Control Panel.

How is the system running now, are you still being redirected?


Joker:

C:\Documents and Settings\All Users\Application Data\WIEASIOFLDNAG was still there. Contained one file which "appeared" to be a Microsoft Office Configuration file... it was dated from 12/6/09 however. Axed it and the folder. There was no sign of C:\Documents and Settings\All Users\Application Data\2224C41.

Java Runtime Environment (JRE) cache cleared per your instructions.

Everything seems back to normal browser-wise. Entering "google" now takes you to the main Google home page... no more redirects to the Google Netherlands site. Wife can also now get into her gmail account without problems.

Whatever "it" was appears to have done a job on my Avira AntiVirus though. Killed the Avira desktop icon on the Avira AntiVirus Control Center. I can still open the Control Center. However, when I go to do a program update I get the message, "The following error occurred when trying to start the update: Scheduler not loaded." Also, the AntiVir Guard says "Service Stopped" and I can't get it going again in the sys tray. It could perhaps be conflicting with the SUPERAntiSpyware Free Edition that we installed and whose icon I now see down in my sys tray. Of course, it seems Avira let in whatever it was so perhaps it's time to dump ole Avira for that new, good-looking SUPER blond who just moved in downstairs LOL!

As we're obviously close to putting the wraps on this, any other thoughts, suggestions, etc. going forward? Oh, and I know we have to do a "clean-up" on some of the tools we used throughout the process. Will wait to hear back. Thanks!!

Everything seems back to normal browser-wise.

Excellent!

SUPERAntiSpyware would not be a replacement for Avira. It's along the lines of MBAM or Windows Defender as an anti-malware utility.

For the problems with Avira, I'd reinstall it.

  • Be certain you have a copy of the current installer.
  • I would uninstall SUPERAntiSpyware (you can reinstall it later if you want).
  • Be certain you have a current copy of the Avira AntiVir Personal installer.
  • Disconnect from the Internet by pulling the connection cable.
  • Uninstall Avira AntiVir Personal - Free Antivirus from Control Panel's Add or Remove Programs.
  • Reboot.
  • Reinstall Avira and restart if requested.
  • Reconnect to the Internet and update the program.

If you were to try another antivirus program rather than Avira, I'd try Avast!.

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Software Inspector Scan to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/winhelp2002/hosts.htm.
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacoolsoftware.com/products.html.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywareinfoforum.com/index.php?showtopic=60955

Does your problem appear resolved?

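The thread turned on a hijacked hosts file (well-known names pointed at a server the user did not choose) while the post above recommends a hosts file of the MVPS kind (unwanted names pointed at a sinkhole address). As an added example that is not part of this thread or of any tool named in it, the script below parses hosts-file text and separates the two kinds of entry; the sample content and the address 203.0.113.7 (a documentation range) are constructed.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample of a Windows hosts file (normally found at
# %SystemRoot%\system32\drivers\etc\hosts): the stock localhost line, two
# MVPS-style blocklist entries that sinkhole ad hosts, and two entries of
# the kind a redirector adds to send well-known sites to a host it controls.
# 203.0.113.7 is a documentation address (TEST-NET-3), not a real server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.com          # MVPS-style block
127.0.0.1       tracker.example.net      # older MVPS-style block
203.0.113.7     google.com www.google.com
203.0.113.7     mail.google.com
"""

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname, ignoring comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # first field is not an address
        pairs.extend((ip, name.lower()) for name in names)
    return pairs

def classify_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Split entries into 'blocking' (name sinkholed to an unspecified or
    loopback address, the MVPS pattern) and 'redirect' (name sent to some
    other host, the hijack pattern). The localhost line is left out."""
    result: Dict[str, List[Tuple[str, str]]] = {"blocking": [], "redirect": []}
    for ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified or addr.is_loopback:
            result["blocking"].append((ip, name))
        else:
            result["redirect"].append((ip, name))
    return result
```

On a real machine, feed the contents of the hosts file to `classify_hosts`; anything under "redirect" deserves a look, since a legitimate blocklist never needs that form.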

Joker:

I'll uninstall SUPERAntiSpyware, re-install Avira Personal and then re-install SUPERAntiSpyware. Figure I'll have Avira running continuously in the background and then just try to scan my system regularly with both MalwareBytes and SUPERAntiSpyware. Hopefully that will go a long way in keeping the Gremlins at bay.

I appreciate -- and will heed -- your other suggestions for keeping the Gremlins at bay as well :thumbup:

Problem appears solved and we should be good-to-go! Let's consider this case closed and relegated to the archives.

I have just made a Paypal donation of $50.00 to recognize and thank you for all of your help. Wish I could do more (because the good work you folks do here is certainly worth much more), but the Holidays and the two ladies in my household are taking care of any and all excess funding :D

Thank you again for all of your help!!

EngravEER


We thank you very much for the extremely generous donation. Donations like that allow us to keep up the fight against malware and continue to provide assistance to those that need it.


Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.