• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
jusama14

Error with Firefox + pop ups

19 posts in this topic

Hello, I have ran both adaware and spybot. With those i cleaned out most of the spyware so now there aren't many pop ups. Every now and then I get a single pop up, mostly on IE and sometimes on firefox. My main concern however is that when i try to view windows media content on firefox...the browser simply crashes, this has never happened before. I clicked on "view more details" and I saw this "modname: ssqrp.dll"

Any help? Also I have included the hijackthis log.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 4:08:10 PM, on 4/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\updater.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\ErrorProtector Free\startmon.exe

C:\Downloads\Programs\Flashfxp\FlashFXP.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.129.10:3128

O1 - Hosts: 127.0.0.2 www.runescape.com

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [fbdirect] C:\Program Files\ScanSoft\PaperPort\fbdirect.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\ErrorProtector Free\startmon.exe"

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\fwlwkpjt.dll",setvm

O4 - HKCU\..\Run: [steam] "c:\steam1\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Dfmlvb] "C:\Documents and Settings\Usama J\Application Data\??mbols\n?tepad.exe"

O4 - Startup: Adobe Gamma.lnk.disabled

O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled

O4 - Global Startup: Digital Line Detect.lnk.disabled

O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk.disabled

O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled

O4 - Global Startup: Microsoft Office.lnk.disabled

O4 - Global Startup: Remote Control.lnk.disabled

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hello jusama14,

 

Welcome to SWI :)

 

Sorry for the delay.

 

If you still need help, please post a new HijackThis log and I'll be happy to look at it.

 

Thanks,

tea

Share this post


Link to post
Share on other sites

Hello jusama14,

 

Welcome to SWI :)

 

Sorry for the delay.

 

If you still need help, please post a new HijackThis log and I'll be happy to look at it.

 

Thanks,

tea

 

Hello, here you go.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:26:00 PM, on 4/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\NSVtools\nsvcap.exe

C:\Program Files\VHLabs\VHScrCap\VHScrCapDlg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.129.10:3128

O1 - Hosts: 127.0.0.2 www.runescape.com

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [fbdirect] C:\Program Files\ScanSoft\PaperPort\fbdirect.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rxfgjfvu.dll",setvm

O4 - HKCU\..\Run: [steam] "c:\steam1\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Share this post


Link to post
Share on other sites

Hello,

 

Your Java is way out of date, which leaves your computer vulnerable.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

Thanks,

tea

Share this post


Link to post
Share on other sites

Thanks a lot for your help, here is my combofix log along with the new hijacthis log. Also a user on another forum told me to rename hijackthis to scanner.exe and he also told me to run VundoFix. Just so you know. Here are my new logs.

 

"Usama J" - 07-04-25 15:38:37 Service Pack 2

ComboFix 07-04-25.4V - Running from: "C:\Program Files\Mozilla Firefox\"

 

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\geeby.dll

C:\WINDOWS\system32\jkhhe.dll

C:\WINDOWS\system32\dfjkgymp.dll

C:\WINDOWS\system32\hthbmasf.dll

C:\WINDOWS\system32\xywbshxa.dll

C:\WINDOWS\system32\ddabx.dll

C:\WINDOWS\system32\gebyw.dll

C:\WINDOWS\system32\ybeeg.ini

C:\WINDOWS\system32\ehhkj.ini

C:\WINDOWS\system32\xbadd.ini

C:\WINDOWS\system32\wybeg.ini

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe

C:\WINDOWS\updater.exe

C:\Program Files\xloadnet\xloadnet.exe

C:\WINDOWS\DOWNLO~1.\Quarantine\ppqdb.dat

C:\WINDOWS\DOWNLO~1.\Quarantine\ppqsdb.dat

C:\Program Files\xloadnet

C:\WINDOWS\DOWNLO~1.\Quarantine

C:\WINDOWS\system32\drivers\core.sys

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\C\DOCUME~1

C:\qoobox\purity\C\DOCUME~1\USAMAJ~1

C:\qoobox\purity\C\DOCUME~1\USAMAJ~1\APPLIC~1

C:\qoobox\purity\C\DOCUME~1\USAMAJ~1\APPLIC~1\MBOLS~1

C:\qoobox\purity\C\DOCUME~1\USAMAJ~1\APPLIC~1\MBOLS~1\??mbols

 

 

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\core

-------\nm

-------\LEGACY_CORE

-------\LEGACY_NM

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))

 

 

2007-04-25 15:06 <DIR> d-------- C:\VundoFix Backups

2007-04-24 19:37 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2007-04-23 19:41 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-04-19 17:40 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-04-19 17:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2007-04-19 17:40 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-04-19 17:40 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-04-19 17:40 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2007-04-19 17:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2007-04-19 17:40 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-04-19 17:40 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2007-04-19 17:40 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-04-19 17:22 <DIR> d-------- C:\Program Files\THQ

2007-04-18 18:24 <DIR> d-------- C:\Program Files\FitSoft

2007-04-18 18:18 <DIR> d-------- C:\DOCUME~1\USAMAJ~1\.housecall6.6

2007-04-18 18:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-04-18 16:56 <DIR> d-------- C:\WINDOWS\pss

2007-04-18 15:50 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-04-18 15:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-04-18 15:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-04-18 15:50 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-04-18 15:50 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-04-18 15:50 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-04-18 15:50 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-04-18 15:50 <DIR> d-------- C:\Program Files\Alwil Software

2007-04-18 15:33 <DIR> d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\ErrorProtector Free

2007-04-18 15:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free

2007-04-17 17:19 <DIR> d-------- C:\Program Files\GCFScape

2007-04-17 17:12 <DIR> d-------- C:\srcds

2007-04-17 16:37 <DIR> d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\FlashFXP

2007-04-16 23:17 1,556,496 --a------ C:\WINDOWS\screengenie.scr

2007-04-16 23:17 <DIR> d-------- C:\Program Files\CinemaForge

2007-04-16 20:10 124,142 --a------ C:\WINDOWS\b136.exe

2007-04-12 21:39 <DIR> d-------- C:\Program Files\The iPod Application Installer II

2007-04-12 21:39 <DIR> d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\InstallShield

2007-04-11 19:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D

2007-04-11 16:17 <DIR> d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\Viewpoint

2007-04-09 19:13 <DIR> d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\CodecX

2007-04-09 19:12 <DIR> d-------- C:\Program Files\CodecX

2007-04-09 18:13 36,480 --a------ C:\WINDOWS\system32\drivers\verysplit.sys

2007-04-09 18:13 16,896 --a------ C:\WINDOWS\system32\drivers\vsaudio.sys

2007-04-09 18:13 <DIR> d-------- C:\Program Files\WebCamSplitter

2007-04-08 19:49 <DIR> d-------- C:\download

2007-04-07 23:53 <DIR> d-------- C:\UnrealTournament

2007-04-04 22:44 190,976 --------- C:\WINDOWS\eiunin2.exe

2007-04-04 22:39 <DIR> d-a------ C:\Program Files\?????

2007-04-03 21:23 <DIR> d-------- C:\Program Files\XBCD

2007-04-03 17:15 <DIR> d-------- C:\Program Files\cs1.6

2007-03-29 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

2007-03-29 17:39 <DIR> d-------- C:\Program Files\Symantec

2007-03-29 17:39 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2007-03-28 17:52 304,128 --a------ C:\WINDOWS\IsUn0411.exe

2007-03-28 16:50 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll

2007-03-28 16:50 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll

2007-03-28 16:50 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll

2007-03-28 16:50 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll

2007-03-28 16:50 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2007-03-28 16:50 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll

2007-03-28 16:49 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll

2007-03-28 16:49 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll

2007-03-28 16:49 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll

2007-03-28 16:49 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2007-03-28 16:49 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2007-03-28 16:49 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2007-03-28 16:49 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll

2007-03-28 16:49 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2007-03-28 16:49 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2007-03-28 16:49 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll

2007-03-28 16:49 6,144 --a------ C:\WINDOWS\system32\kbd101.dll

2007-03-26 16:32 <DIR> d-------- C:\Program Files\Virtual Earth 3D

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-25 15:41 -------- d-a------ C:\Program Files\?????

2007-04-24 21:10 -------- d-------- C:\Program Files\mirc

2007-04-24 19:38 -------- d-------- C:\Program Files\nsvtools

2007-04-22 21:02 -------- d-------- C:\Program Files\gamespy arcade

2007-04-22 14:21 -------- d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\utorrent

2007-04-18 16:40 -------- d-------- C:\Program Files\rgb

2007-04-13 18:00 -------- d--h----- C:\Program Files\installshield installation information

2007-04-13 16:04 -------- d-------- C:\Program Files\microsoft games

2007-04-07 22:37 -------- d-------- C:\Program Files\xbc

2007-03-31 00:22 -------- d-------- C:\Program Files\ephpod

2007-03-23 21:21 -------- d-------- C:\Program Files\videolan

2007-03-22 20:16 -------- d-------- C:\Program Files\intel desktop boards

2007-03-20 19:05 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-03-20 18:53 -------- d-------- C:\Program Files\maxis

2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-16 22:01 -------- d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\real

2007-03-15 09:08 101438 --a------ C:\WINDOWS\b122.exe

2007-03-14 16:07 -------- d-------- C:\Program Files\smart projects

2007-03-13 00:26 1849036 --a------ C:\Program Files\nsvtools.rar

2007-03-10 22:36 -------- d-------- C:\DOCUME~1\USAMAJ~1\APPLIC~1\dvdcss

2007-03-10 22:35 3584 --a------ C:\DOCUME~1\USAMAJ~1\APPLIC~1\dvd.bmk

2007-03-08 15:23 98240 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-03 16:06 -------- d-------- C:\Program Files\msn messenger

2007-02-27 19:11 -------- d-------- C:\Program Files\wmr11

2007-02-22 20:36 2516 --ahs---- C:\WINDOWS\system32\kgygaavl.sys

2007-02-18 16:51 2903 --a------ C:\WINDOWS\mozver.dat

2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll

2007-01-27 13:30 4096 --a------ C:\WINDOWS\d3dx.dat

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\yjrxilpf.dll [x]

{26EC3110-F1D7-497A-A27F-05700F853D89} C:\WINDOWS\system32\xywbshxa.dll [x]

{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll [x]

{CA6319C0-31B7-401E-A518-A07C3DB8F777} c:\Program Files\BAE\BAE.dll

{DAA8B54E-42F8-496A-9553-083BE14B907D} C:\WINDOWS\system32\ssqrp.dll [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"

"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"

"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"

"fbdirect"="C:\\Program Files\\ScanSoft\\PaperPort\\fbdirect.exe"

"SigmatelSysTrayApp"="sttray.exe"

"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Steam"="\"c:\\steam1\\steam.exe\" -silent"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\

63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\

6d,73,73,74,79,6c,65,73,00

"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\

73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

@=""

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

"PPWebCap"="C:\\Program Files\\ScanSoft\\PaperPort\\PPWebCap.exe"

"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""

"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"

"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"WinDVR SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

Shell\AutoRun\command E:\setup.exe

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-04-25 15:45:17

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-04-25 15:46:30 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 07-04-25 15:46

 

 

Logfile of HijackThis v1.99.1

Scan saved at 3:48:09 PM, on 4/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\HijackThis\scanner.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.129.10:3128

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\yjrxilpf.dll (file missing)

O2 - BHO: (no name) - {26EC3110-F1D7-497A-A27F-05700F853D89} - C:\WINDOWS\system32\xywbshxa.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {DAA8B54E-42F8-496A-9553-083BE14B907D} - C:\WINDOWS\system32\ssqrp.dll (file missing)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [fbdirect] C:\Program Files\ScanSoft\PaperPort\fbdirect.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [steam] "c:\steam1\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Share this post


Link to post
Share on other sites

Hello,

 

Could I please have the link to the other forum you're getting help from? Getting help from different places can be extremely confusing to all parties involved. :unsure:

 

Thanks,

tea

Share this post


Link to post
Share on other sites

Hello,

 

Thank you for that. :D I gather from your comments there that everything is running well. :thumbsup: Just some leftovers to fix now.

 

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

 

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\yjrxilpf.dll (file missing)

O2 - BHO: (no name) - {26EC3110-F1D7-497A-A27F-05700F853D89} - C:\WINDOWS\system32\xywbshxa.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: (no name) - {DAA8B54E-42F8-496A-9553-083BE14B907D} - C:\WINDOWS\system32\ssqrp.dll (file missing)

 

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

 

Reboot your computer.

 

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

Please go Here to run Panda's ActiveScan. (You must use IE for this one). http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button

 

A new window will open...click the Check Now button.

Enter your State/Providence

Enter your E-mail address and click send.

Select either Home user or Company.

 

Click the big Scan Now button

 

* If it wants to install an ActiveX component allow it

* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

 

When the download is complete, click on My Computer to start the scan.

 

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).

 

Post the contents of the ActiveScan report, please, and a new HijackThis log.

 

Thanks,

tea

 

If this happens in the future, please stick to one forum. It could very easily have gotten way too confusing for you, the other helper (Who is a student and trying to learn under expert supervision), and for me. I do thank you for telling me so I knew what was up. :)

Share this post


Link to post
Share on other sites

Sorry for the confusion. Here is my hijackthis log + activescan log.

 

Logfile of HijackThis v1.99.1

Scan saved at 7:55:02 PM, on 4/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Steam1\steam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\scanner.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.129.10:3128

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [fbdirect] C:\Program Files\ScanSoft\PaperPort\fbdirect.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [steam] "c:\steam1\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

 

 

 

Incident Status Location

 

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Usama J\Application Data\Mozilla\Firefox\Profiles\0sh1ry8i.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Usama J\Application Data\Mozilla\Firefox\Profiles\0sh1ry8i.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Usama J\Application Data\Mozilla\Firefox\Profiles\0sh1ry8i.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Usama J\Application Data\Mozilla\Firefox\Profiles\0sh1ry8i.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Usama J\Application Data\Mozilla\Firefox\Profiles\0sh1ry8i.default\cookies.txt[.xiti.com/]

Potentially unwanted tool:Application/Perfectkeylog.I Not disinfected C:\Documents and Settings\Usama J\My Documents\csmaps.exe[rinst.exe]

Potentially unwanted tool:Application/Perfectkeylog.I Not disinfected C:\Downloads\Graphics & Animations\Usama\Bryce\fires\new_result3.exe[rinst.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Downloads\Programs\cleaners\ComboFix.exe[ComboFixT\nircmd.cfexe]

Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Excursion9.5\ex1.dll

Hacktool:HackTool/Flood Not disinfected C:\Excursion9.5\webview\nHTMLn_2.92.dll

Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\b136.exe[²ÜÇ\Services.dll]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

Adware:Adware/Borlander Not disinfected C:\WINDOWS\updater.exe.tmp

Share this post


Link to post
Share on other sites

Hello,

 

Please download, install, and update AVG Anti-Spyware (formerly Ewido)

  1. Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Click the settings tab, then click "apply all actions" and choose clean (quarantine)
  4. Close AVG. Do not run it yet.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

  • In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.

In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

 

Thanks,

tea

Share this post


Link to post
Share on other sites

Hello, Thanks a lot for all of your help. My computer seems to run perfect!! Again, thanks. Here are my logs as requested:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 8:44:45 PM 4/28/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP172\A0040432.exe -> Adware.Softomate : Ignored.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP170\A0039159.dll -> Adware.Virtumonde : Ignored.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP172\A0039316.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\WINDOWS\updater.exe.tmp -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP172\A0039317.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP172\A0039333.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).

C:\Documents and Settings\Usama J\Cookies\usama_j@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.

C:\Documents and Settings\Usama J\Cookies\usama_j@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

 

 

::Report end

 

 

Logfile of HijackThis v1.99.1

Scan saved at 8:52:26 PM, on 4/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\scanner.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.129.10:3128

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [fbdirect] C:\Program Files\ScanSoft\PaperPort\fbdirect.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [steam] "c:\steam1\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Share this post


Link to post
Share on other sites

Hello,

 

You're most welcome. :)

 

You log looks clean. :thumbsup:BUT!!! What happened to your AntiVirus??? It was there before, but I don't see it in this last log?

 

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

 

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

 

You should definitely maintain a firewall. Some good free firewalls are Kerio, ZoneAlarm, or Outpost

A tutorial on understanding and using firewalls may be found here.

 

In order to protect yourself against spyware, you should consider installing and running the following free programs:

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

 

SpywareGuard

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

 

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

 

IE/Spyad:

It places over 5000 malicious websites and domains in your IE's restricted zone.

IE/Spyad

 

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

 

* Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.

* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.

* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

 

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Share this post


Link to post
Share on other sites

I uninstalled my antivirus since it did not find any viruses the others did. So I will have AVG running. Thank you for all the information and help. I have most of the programs you recommended I will consider getting a firewall.

 

Also, I have a problem. Sometimes when I am talking on msn messenger the program just closes by itself. Do you know what the problem is?

Edited by jusama14

Share this post


Link to post
Share on other sites

jusama14,

 

The AVG is an AntiSpyware program, not an AntiVirus, and a trial at that! :eek: Please reinstall Avast! AntiVirus, or another AntiVirus of your choice, as long as you have one on your system.

 

Regards,

tea

Share this post


Link to post
Share on other sites

Hello,

 

Have you tried uninstalling it and reinstalling it? It could be that the malware you had messed it up, so try that, if you haven't. :)

Share this post


Link to post
Share on other sites

Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0