dmesser403

Outerinfo pop-up problem

19 posts in this topic

Hello, I just started having a lot of pop-ups from Outerinfo. Thanks for your help!!

 

Here is my HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:07:15 PM, on 1/23/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www1.priv.cmls.xmlsweb.com/XMLSearch/XMLCache.CAB

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab

O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/ibdc/da...timage40930.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/229/webolr/OCX/FlashAX.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab

O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://activex.microsoft.com/controls/vb5/comdlg32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0522FD6-940C-4953-A325-2AE11C350E52}: NameServer = 10.10.70.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Open HijackThis.

  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager.
  • Click Save list (generates uninstall_list.txt).
  • Click Save, copy and paste the results in your next post.


Thank you! Here is the list:

 

ABBYY FineReader 5.0 Sprint Plus

Ad-Aware SE Personal

Adobe Flash Player 9 ActiveX

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader 7.0.9

Adobe Shockwave Player

AOL Instant Messenger

Apple Software Update

Backspin Billiards

Bodog Poker Version 2.8.2.8

CardRd81

CCScore

CR2

Dell Photo AIO Printer 922

Dell Support

Disc2Phone

Documents To Go

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

ESSTUTOR

essvcpt

ESSvpaht

ESSvpot

Form Viewer

FUJIFILM USB Driver

Full Tilt Poker

Google Toolbar for Internet Explorer

HijackThis 1.99.1

HLPIndex

HLPPDOCK

HLPSFO

Intel® Extreme Graphics Driver

iPod for Windows 2006-01-10

iTunes

J2SE Runtime Environment 5.0 Update 9

Jasc Paint Shop Photo Album

Jasc Paint Shop Pro 8 Dell Edition

Kodak EasyShare software

KSU

LAN-Fax Utilities

McAfee VirusScan Enterprise

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft Data Access Components KB870669

Microsoft Office Basic Edition 2003

MicroStaff WINASPI

Modem Helper

Musicmatch® Jukebox

NETGEAR WG511 54 Mbps Wireless PC Card

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Outerinfo

Outlook Express Q823353

Paint Shop Pro 7

Palm Desktop

Paradise Poker

PartyPoker

PCTEL 2304WT V.92 MDC Modem Drivers

Quicken 2002 New User Edition

QuickTime

RealOne Player

ScanRouter V2 Link

SFR

SHASTA

SKIN0001

SKINXSDK

SmartNetMonitor for Client

Sony Ericsson PC Suite 1.20.224

Spybot - Search & Destroy 1.4

Spyware Doctor 3.2

Synaptics Pointing Device Driver

The Tournament Director 2

Travelogue 360 Paris

Viewpoint Media Player

VPRINTOL

Windows Installer 3.1 (KB893803)

Windows Media Player Hotfix [see wm828026 for more information]

Windows XP Hotfix - KB821557

Windows XP Hotfix - KB823182

Windows XP Hotfix - KB823559

Windows XP Hotfix - KB824105

Windows XP Hotfix - KB824141

Windows XP Hotfix - KB824146

Windows XP Hotfix - KB825119

Windows XP Hotfix - KB828035

Windows XP Hotfix - KB828741

Windows XP Hotfix - KB833407

Windows XP Hotfix - KB833987

Windows XP Hotfix - KB835732

Windows XP Hotfix - KB837001

Windows XP Hotfix - KB839645

Windows XP Hotfix - KB840315

Windows XP Hotfix - KB840374

Windows XP Hotfix - KB840987

Windows XP Hotfix - KB841356

Windows XP Hotfix - KB841533

Windows XP Hotfix - KB841873

Windows XP Hotfix - KB842773

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB871250

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB873376

Windows XP Hotfix - KB883357

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889293

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891711

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Hotfix (SP2) [see Q329115 for more information]

Windows XP Hotfix (SP2) [see Q329390 for more information]

Windows XP Hotfix (SP2) [see Q329834 for more information]

Windows XP Hotfix (SP2) Q328310

Windows XP Hotfix (SP2) Q329170

Windows XP Hotfix (SP2) Q329441

Windows XP Hotfix (SP2) Q810565

Windows XP Hotfix (SP2) Q810577

Windows XP Hotfix (SP2) Q810833

Windows XP Hotfix (SP2) Q811493

Windows XP Hotfix (SP2) Q814033

Windows XP Hotfix (SP2) Q815021

Windows XP Hotfix (SP2) Q817287

Windows XP Hotfix (SP2) Q817606

Windows XP Hotfix (SP2) Q819696

WIRELESS


I'm sorry. I totally forgot this thread!

 

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

 

Step #1

 

I see Viewpoint installed. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint Media Player
    Also delete:
  • Outerinfo

Step #2

 

Scan again with HijackThis and check the following items:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

 

Then reboot your computer.

 

Step #3

 

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Start HijackThis, perform a new scan and save the log file.

 

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.


Incident Status Location

 

Virus:Trj/Agent.ERL Disinfected Operating system

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UERS_9999_N91S2507NetInstaller.exe

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\BridgetBruner\Desktop\Click to Find and Fix Errors.url

Adware:adware/surfaccuracy Not disinfected Windows Registry

Adware:adware/ist.sidefind Not disinfected Windows Registry

Adware:adware/ucmore Not disinfected Windows Registry

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\BridgetBruner\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\!update.exe

Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\236DkqAa.exe

Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\95BZF3a.exe

Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\F3BBC.tmp

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\ICD1.tmp\UERS_9999_N91S2507NetInstaller.exe

Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\pmt.exe

Adware:Adware/eZula Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\s1pg.9.exe[²èÇ]

Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\Tam01065.exe

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\TICHD003.exe

Potentially unwanted tool:Application/WinAntiVirus2007 Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\WinAntiVirusPro2007FreeInstall.exe

Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\YazzleBundle-1281.exe

Adware:Adware/Trymedia Not disinfected C:\Downloads\FamilyFeudSetup-dm[1].exe

Adware:Adware/eZula Not disinfected C:\HJT\backups\backup-20060123-210537-828.dll

Virus:Trj/Agent.ERL Disinfected C:\Program Files\Common Files\Dell\EUSW\Support.exe

Virus:Trj/Agent.ERL Disinfected C:\Program Files\Common Files\Real\Update_OB\realsched.exe

Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\??curity\msdtc.exe

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@247realmedia[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@advertising[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@bs.serving-sys[1].txt

Spyware:Cookie/Go Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@go[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@serving-sys[1].txt

Virus:Trj/Agent.ERL Disinfected C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

Virus:Trj/Agent.ERL Disinfected C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

Virus:Trj/Agent.ERL Disinfected C:\Program Files\REGSHAVE\REGSHAVE.EXE

Virus:Trj/Agent.ERL Disinfected C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Virus:Trj/Agent.ERL Disinfected C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir

Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir

Adware:Adware/EliteBar Not disinfected C:\QooBox\Quarantine\C\WINDOWS\eliteunstall.exe.vir

Adware:Adware/eZula Not disinfected C:\QooBox\Quarantine\C\WINDOWS\justin.exe.vir

Adware:Adware/Zenosearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dwdsregt.exe.vir

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hggefgf.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hnmcxcsb.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\iiffdaa.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ikuuvdmx.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkkligd.dll.bad

Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\rnxwpgle.dll.bad

Spyware:Application/ErrorProtector Not disinfected C:\WINDOWS\Downloaded Program Files\UERT_0001_D19M2109NetInstaller.exe

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe

Adware:Adware/Zeno Not disinfected C:\WINDOWS\SYSTEM32\pwinmsap.exe

Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\SYSTEM32\rldsregm.exe

Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\S?mantec\r?gsvr32.exe

Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe

Adware:Adware/Ucmore Not disinfected C:\WINDOWS\SYSTEM32\T2\dlb66.exe

Adware:Adware/TTC Not disinfected C:\WINDOWS\SYSTEM32\T3\dlltk67.exe

Virus:Trj/Downloader.OJF


Logfile of HijackThis v1.99.1

Scan saved at 22:43, on 2007-06-06

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\program files\internet explorer\iexplore.exe

C:\Program Files\Bodog Poker\BPGame.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www1.priv.cmls.xmlsweb.com/XMLSearch/XMLCache.CAB

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/ibdc/da...timage40930.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/insta...tector-Free.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0522FD6-940C-4953-A325-2AE11C350E52}: NameServer = 10.10.70.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

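The two HijackThis logs in this thread are five months apart, and the helper's job is to spot which load points changed. As an added example (not HijackThis's own code and not from the thread), the Python below splits an HJT log into its sections, diffs two logs so new or vanished entries stand out, and lists the hosts of newly added O16 (ActiveX/DPF) entries. The two log excerpts are constructed from lines quoted above and trimmed to a few entries each.

```python
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse

# Constructed excerpts of the two logs quoted in this thread (Jan 2006 / Jun 2007).
LOG_2006 = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:07:15 PM, on 1/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
"""

LOG_2007 = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:43, on 2007-06-06
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/insta...tector-Free.cab
"""

# An HJT entry line: section code (R0..R3, F0..F3, N1..N4, O1..O23), " - ", body.
ENTRY = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")
Sections = Dict[str, Set[str]]


def parse_hjt(text: str) -> Sections:
    """Split a log into {'processes': {...}, 'R0': {...}, 'O4': {...}, ...}."""
    sections: Sections = {"processes": set()}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False  # the first R/F/N/O entry ends the process list
            sections.setdefault(m["kind"], set()).add(m["body"])
        elif in_processes:
            sections["processes"].add(line.lower())  # Windows paths compare case-insensitively
    return sections


def diff_hjt(old: str, new: str) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Per section: (entries only in new, entries only in old); unchanged sections are omitted."""
    a, b = parse_hjt(old), parse_hjt(new)
    out: Dict[str, Tuple[Set[str], Set[str]]] = {}
    for kind in sorted(set(a) | set(b)):
        added = b.get(kind, set()) - a.get(kind, set())
        removed = a.get(kind, set()) - b.get(kind, set())
        if added or removed:
            out[kind] = (added, removed)
    return out


def new_dpf_hosts(old: str, new: str) -> List[str]:
    """Hosts of O16 (Downloaded Program Files) entries that appeared since the old log."""
    added, _ = diff_hjt(old, new).get("O16", (set(), set()))
    hosts = set()
    for body in added:
        url = body.rsplit(" - ", 1)[-1]  # the download URL is the last ' - ' separated field
        host = urlparse(url).hostname
        if host:
            hosts.add(host)
    return sorted(hosts)


def report(old: str, new: str) -> str:
    lines = []
    for kind, (added, removed) in diff_hjt(old, new).items():
        lines += [f"+ {kind}: {e}" for e in sorted(added)]
        lines += [f"- {kind}: {e}" for e in sorted(removed)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(LOG_2006, LOG_2007))
    print("new ActiveX download hosts to review:", new_dpf_hosts(LOG_2006, LOG_2007))
```

On the full logs the same diff surfaces the O16 entry from cdn.downloadcontrol.com and the O9 Bodog Poker button as the only new load points that neither the user's own installs nor the helper's Panda scan explain.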

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

 

Step #1

 

Download Killbox.

Click killbox.exe.

Select the option "Delete on reboot".

 

Now copy the next bold part:

 

C:\windows\downloaded program files\UERS_9999_N91S2507NetInstaller.exe

C:\Documents and Settings\BridgetBruner\Desktop\Click to Find and Fix Errors.url

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\!update.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\236DkqAa.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\95BZF3a.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\F3BBC.tmp

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\ICD1.tmp\UERS_9999_N91S2507NetInstaller.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\pmt.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\s1pg.9.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\Tam01065.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\TICHD003.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\WinAntiVirusPro2007FreeInstall.exe

C:\Documents and Settings\BridgetBruner\Local Settings\Temp\YazzleBundle-1281.exe

C:\Downloads\FamilyFeudSetup-dm[1].exe

C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@247realmedia[2].txt

C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@advertising[1].txt

C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@bs.serving-sys[1].txt

C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@go[2].txt

C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@serving-sys[1].txt

C:\WINDOWS\Downloaded Program Files\UERT_0001_D19M2109NetInstaller.exe

C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe

C:\WINDOWS\SYSTEM32\pwinmsap.exe

C:\WINDOWS\SYSTEM32\rldsregm.exe

C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe

C:\WINDOWS\SYSTEM32\T2\dlb66.exe

C:\WINDOWS\SYSTEM32\T3\dlltk67.exe

 

Open 'File' in the Killbox menu on top and choose Paste from clipboard.

 

Now you will see that this is pasted in the "Full Path of File to Delete" field.

There's a little arrow (dropdown arrow) next to that field.

If you expand it, these lines must be there together if the files are present!

 

Click the button: All Files (!important!)

 

Then press the button that looks like a red circle with a white X in it.

Killbox will tell you that all listed files will be removed on the next reboot and ask if you would like to reboot now; click YES.

If you don't get that message, reboot manually.

 

Your computer must reboot now.

 

Find and delete this folder:

C:\!Killbox <= this folder

 

Step #2

 

We need to make sure all hidden files are showing, so please:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #3

 

Reboot Your System in Safe Mode:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

 

Find and delete these folders (if they are still there):

C:\WINDOWS\SYSTEM32\T1QaSQ

C:\WINDOWS\SYSTEM32\T2

C:\WINDOWS\SYSTEM32\T3

 

C:\WINDOWS\SYSTEM32\S?mantec

C:\Program Files\Common Files\??curity

 

The "?" could be anything. Delete the folder and all its content.

 

Step #5

 

Go to Start > Run and type: cleanmgr and click OK.

Let it scan your system for files to remove.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Press OK to remove them.

 

Reboot your computer normally.

 

Step #6

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the icon next to the files found: check.gif
  • If so, click it and then click the icon right below and select Move incurable, as you'll see in the next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will only be moved/deleted during the reboot.

Step #7

Download Combofix to your desktop (I need you to (re)download it again!).

Double-click combofix.exe.

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with the contents of the log from Dr.Web you saved previously and a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Edited by didom

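The Killbox list in Step #1 above was built by hand from the Panda ActiveScan report posted earlier: didom kept the "Not disinfected" file hits, dropped registry and "Operating system" entries, dropped files already sitting in quarantine or backup folders and the removal tools themselves, stripped the archive-member suffix from s1pg.9.exe, and moved the paths containing "?" to the manual folder deletion in Step #4. As an added example (not Killbox's, Panda's or the helper's own code), the Python below applies those same rules to a report in that line format. The report excerpt is a constructed subset of the one quoted above, and the quarantine prefixes and tool names are assumptions taken from the paths in this thread, not a general list.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed subset of the Panda ActiveScan report quoted in this thread (same line format).
REPORT = r"""Incident Status Location
Virus:Trj/Agent.ERL Disinfected Operating system
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UERS_9999_N91S2507NetInstaller.exe
Adware:adware/surfaccuracy Not disinfected Windows Registry
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\BridgetBruner\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\!update.exe
Adware:Adware/eZula Not disinfected C:\Documents and Settings\BridgetBruner\Local Settings\Temp\s1pg.9.exe[²èÇ]
Adware:Adware/eZula Not disinfected C:\HJT\backups\backup-20060123-210537-828.dll
Virus:Trj/Agent.ERL Disinfected C:\Program Files\Common Files\Dell\EUSW\Support.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\??curity\msdtc.exe
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@247realmedia[2].txt
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hggefgf.dll.bad
Adware:Adware/Zeno Not disinfected C:\WINDOWS\SYSTEM32\pwinmsap.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\S?mantec\r?gsvr32.exe
Virus:Trj/Downloader.OJF
"""

# One report line: "Category:Name Status Location" (Location may contain spaces).
INCIDENT = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)
# Assumed from this thread: folders that already hold quarantined copies, and the
# helper's own tools, which must not go on the delete list.
QUARANTINE_PREFIXES = ("c:\\qoobox\\", "c:\\vundofix backups\\", "c:\\hjt\\backups\\", "c:\\combofix\\")
TOOL_NAMES = ("combofix", "nircmd")


@dataclass
class Incident:
    category: str
    name: str
    status: str
    location: str


def parse_report(text: str) -> Tuple[List[Incident], List[str]]:
    """Parse report lines; return (incidents, lines that did not parse, e.g. a truncated tail)."""
    incidents, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Incident "):
            continue
        m = INCIDENT.match(line)
        if m:
            incidents.append(Incident(**m.groupdict()))
        else:
            unparsed.append(line)
    return incidents, unparsed


def is_file_path(loc: str) -> bool:
    return re.match(r"^[A-Za-z]:\\", loc) is not None


def strip_member(loc: str) -> str:
    """'archive.exe[member]' -> 'archive.exe': the container is what gets deleted."""
    return re.sub(r"\[[^\]]*\]$", "", loc)


def triage(text: str) -> Tuple[List[str], List[str], List[Tuple[str, str]], List[str]]:
    """Return (files for Killbox, folders to delete by hand, skipped hits, unparsed lines)."""
    incidents, unparsed = parse_report(text)
    to_delete: List[str] = []
    wildcard_dirs: List[str] = []
    skipped: List[Tuple[str, str]] = []
    for inc in incidents:
        loc = strip_member(inc.location)
        low = loc.lower()
        basename = low.rsplit("\\", 1)[-1]
        if inc.status == "Disinfected" or not is_file_path(loc):
            skipped.append((inc.location, "already disinfected, or a registry/OS hit"))
        elif low.startswith(QUARANTINE_PREFIXES) or any(t in basename for t in TOOL_NAMES):
            skipped.append((inc.location, "already quarantined, or a removal tool"))
        elif "?" in loc:
            # '?' stands for a character the report could not print ("could be anything"),
            # so the exact name is unknown: delete the parent folder by hand, as in Step #4.
            wildcard_dirs.append(loc.rsplit("\\", 1)[0])
        elif loc not in to_delete:
            to_delete.append(loc)
    return to_delete, wildcard_dirs, skipped, unparsed


if __name__ == "__main__":
    files, dirs, skipped, unparsed = triage(REPORT)
    print("Paste into Killbox (Delete on reboot):\n" + "\n".join(files))
    print("\nDelete these folders by hand:\n" + "\n".join(dirs))
    print(f"\nskipped {len(skipped)} hit(s), {len(unparsed)} unparsed line(s)")
```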

ComboFix 07-06-13.3 - C:\Documents and Settings\BridgetBruner\Desktop\ComboFix.exe

"BridgetBruner" - 2007-06-16 18:14:44 - Service Pack 1 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Temp\0b9

C:\Temp\0b9\tmpTF.log

C:\WINDOWS\system32\pog

C:\WINDOWS\system32\T4

 

 

((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))

 

 

2007-06-16 18:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-15 18:41 <DIR> d-------- C:\DOCUME~1\BRIDGE~1\DoctorWeb

2007-06-06 21:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

2007-05-26 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution

2007-05-24 18:52 <DIR> d-------- C:\VundoFix Backups

2007-05-22 20:49 <DIR> d--hs---- C:\UWA7P

2007-05-22 20:46 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll

2007-05-22 20:46 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007

2007-05-22 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007

2007-05-22 20:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\T6

2007-05-22 20:42 <DIR> d-------- C:\Temp

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-07 02:57:45 -------- d-----w C:\Program Files\REGSHAVE

2007-06-07 02:57:26 -------- d-----w C:\Program Files\QuickTime

2007-06-07 02:48:09 -------- d-----w C:\Program Files\iTunes

2007-06-07 02:47:18 -------- d-----w C:\Program Files\Google

2007-06-07 02:43:49 -------- d-----w C:\Program Files\Bodog Poker

2007-05-26 01:21:45 -------- d-----w C:\Program Files\Messenger

2007-05-24 23:10:10 -------- d-----w C:\Program Files\Spyware Doctor

2007-04-19 23:07:47 -------- d-----w C:\Program Files\iPod

2007-04-19 23:01:24 -------- d-----w C:\Program Files\Apple Software Update

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-05-24 08:44]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2005-11-08 17:43]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-03-09 08:55]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 C:\WINDOWS\SYSTEM32\pctspk.exe]

"@"="" []

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BridgetBruner^Start Menu^Programs^Startup^DLHelperEXE.exe]

path=C:\Documents and Settings\BridgetBruner\Start Menu\Programs\Startup\DLHelperEXE.exe

backup=C:\WINDOWS\pss\DLHelperEXE.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BridgetBruner^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=C:\Documents and Settings\BridgetBruner\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMgr.exe]

"C:\Program Files\EarthLink 5.0\conmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]

C:\Program Files\RMClient\JobHisInit.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]

C:\Program Files\RMClient\MplSetUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\MSMSGS.EXE" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"wuauserv"=2 (0x2)

"uploadmgr"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"Alerter"=3 (0x3)

"SysmonLog"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"mnmsrvc"=3 (0x3)

"Dcfssvc"=2 (0x2)

"ClipSrv"=3 (0x3)

"CiSvc"=2 (0x2)

"BITS"=3 (0x3)

"ALG"=3 (0x3)

"McTaskManager"=2 (0x2)

"McShield"=2 (0x2)

"McAfeeFramework"=2 (0x2)

 

 

Contents of the 'Scheduled Tasks' folder

2007-04-19 23:01:28 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-16 18:21:33

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-16 18:22:33

C:\ComboFix-quarantined-files.txt ... 2007-06-16 18:22

 

--- E O F ---


backup-20060123-210537-828.dll;C:\HJT\backups;Adware.Ezula;Incurable.Moved.;

tdMain.js;C:\Poker\TournamentDirector\TournamentDirector\lib;Probably SCRIPT.Virus;Incurable.Moved.;

WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;

Yazzle1281OinAdmin.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files;Adware.ClickSpring;Incurable.Moved.;

lavuna.dll.vir;C:\QooBox\Quarantine\C\Program Files\Messenger;Trojan.StartPage.19992;Deleted.;

eliteunstall.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Adware.MediaMotor;Incurable.Moved.;

dwdsregt.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Adware.ZenoSearch;Incurable.Moved.;

A0053428.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP445;Adware.ZenoSearch;Incurable.Moved.;

A0053448.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP445;Trojan.PurityAd;Deleted.;

A0053457.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP446;Trojan.Virtumod;Deleted.;

A0053476.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.Virtumod;Deleted.;

A0053478.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.Virtumod;Deleted.;

A0053480.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.Virtumod;Deleted.;

A0053483.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.Virtumod;Deleted.;

A0053485.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.Virtumod;Deleted.;

A0053486.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.Virtumod;Deleted.;

A0053499.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Adware.ClickSpring;Incurable.Moved.;

A0053501.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Trojan.StartPage.19992;Deleted.;

A0053502.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Adware.ZenoSearch;Incurable.Moved.;

A0053503.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP447;Adware.MediaMotor;Incurable.Moved.;

A0053728.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP453;Trojan.DownLoader.22225;Deleted.;

A0053833.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.TryMedia;Incurable.Moved.;

A0053834.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.ZenoSearch;Incurable.Moved.;

A0053835.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.ZenoSearch;Incurable.Moved.;

A0053836.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.24027;Deleted.;

A0053837.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.Ucmore;Incurable.Moved.;

A0053838.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.StartPage.19993;Deleted.;

A0053850.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.22753;Deleted.;

A0053851.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.ClickSpring;Incurable.Moved.;

A0053852.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.22753;Deleted.;

A0053853.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.Fakealert;Deleted.;

A0053854.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.Fakealert;Deleted.;

A0053855.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.Ucmore;Incurable.Moved.;

A0053856.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.StartPage.19993;Deleted.;

A0053857.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.TryMedia;Incurable.Moved.;

A0053858.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.3945;Deleted.;

A0053859.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.ZenoSearch;Incurable.Moved.;

A0053860.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.ZenoSearch;Incurable.Moved.;

A0053862.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.24027;Deleted.;

A0053864.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Adware.ZenoSearch;Incurable.Moved.;

A0053865.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.10963;Deleted.;

A0053867.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP454;Trojan.DownLoader.10963;Deleted.;

byxut.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

hnmcxcsb.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

ikuuvdmx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

rnxwpgle.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

urspn.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

vturq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

SCDSetup.EXE;C:\WINDOWS;Probably DLOADER.Trojan;Incurable.Moved.;

DLHelperEXE.exeStartup;C:\WINDOWS\pss;Adware.Webcom;Incurable.Moved.;


Logfile of HijackThis v1.99.1

Scan saved at 6:53:42 PM, on 6/16/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Bodog Poker\BPGame.exe

C:\WINDOWS\EXPLORER.EXE

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www1.priv.cmls.xmlsweb.com/XMLSearch/XMLCache.CAB

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/ibdc/da...timage40930.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/insta...tector-Free.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0522FD6-940C-4953-A325-2AE11C350E52}: NameServer = 10.10.70.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

 

Step #1

 

Please click Start --> Control Panel --> Add or Remove Programs, and uninstall (if found) any instances of:

Bodog Poker Version 2.8.2.8

 

Then reboot your computer.

 

Step #2

 

Scan again with HijackThis and check the following items:

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

 

If you did not put these in the Trusted Zone yourself, also check:

 

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

 

Step #3

 

Delete everything inside this folder (except anything you know the purpose of):

c:\temp

 

Step #4

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

 

Folder::
C:\WINDOWS\SYSTEM32\T6
C:\UWA7P
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\Program Files\Bodog Poker

 

 

Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.

 

 

[Screenshot: Combo-Do.gif]

 

 

 

Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

 

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Step #5

 

Please go HERE to run Panda's ActiveScan:

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Start HijackThis, perform a new scan and save the log file.

 

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

 

Please post the log from the ComboFix scan located at C:\ComboFix.txt.

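Steps #1 and #2 above rest on reading particular HijackThis sections: O9 lists extra browser buttons (the Bodog Poker one), O15 lists domains added to Internet Explorer's Trusted sites zone (sites there get relaxed ActiveX and scripting restrictions, which is why the helper asks whether the user added them), O16 lists ActiveX controls IE has downloaded and the host that served them, and O17 lists per-adapter DNS servers. The script below is an added example, not code from this thread or from HijackThis: it parses the v1.99 log line format and pulls those items out so they can be reviewed in one place. The sample lines are excerpted from the log posted above; labelling an O15 line without an (HKLM) suffix as "user" scope is an assumption about HijackThis's notation, and the private-address check on O17 is a general triage heuristic, not something the thread asserts about this machine.

```python
"""Extracting the reviewable items from a HijackThis v1.99 log (added example)."""
import ipaddress
import re
from urllib.parse import urlparse

# Every HijackThis entry line starts with a section code (R0, O2, O16, ...) and " - ".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<rest>.+)$")
# O16 - DPF: {CLSID} (Friendly name) - http://host/path/control.cab   (the name is optional)
DPF_RE = re.compile(
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\}(?:\s+\((?P<name>[^)]*)\))?\s+-\s+(?P<url>\S+)"
)

# Constructed sample: lines excerpted from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www1.priv.cmls.xmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/insta...tector-Free.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0522FD6-940C-4953-A325-2AE11C350E52}: NameServer = 10.10.70.1
"""


def parse_hjt(text):
    """Return (code, rest) pairs for every entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["rest"]))
    return entries


def trusted_zones(entries):
    """O15 entries: domains in IE's Trusted sites zone and the hive they were set in.
    Assumption: an entry without an (HKLM) suffix is the current user's setting."""
    out = []
    for code, rest in entries:
        if code != "O15" or not rest.startswith("Trusted Zone:"):
            continue
        detail = rest[len("Trusted Zone:"):].strip()
        scope = "HKLM" if detail.endswith("(HKLM)") else "user"
        out.append((detail.replace("(HKLM)", "").strip(), scope))
    return out


def dpf_controls(entries):
    """O16 entries: downloaded ActiveX controls, keyed by the host that served the .cab."""
    out = []
    for code, rest in entries:
        if code != "O16":
            continue
        m = DPF_RE.search(rest)
        if m:
            out.append({"clsid": m["clsid"], "name": m["name"],
                        "host": urlparse(m["url"]).hostname})
    return out


def nameservers(entries):
    """O17 entries: DNS servers per adapter, with whether each is an RFC 1918 address.
    A public resolver that the user did not configure is worth a second look."""
    out = []
    for code, rest in entries:
        if code == "O17" and "NameServer =" in rest:
            for ip in rest.split("NameServer =", 1)[1].replace(",", " ").split():
                out.append((ip, ipaddress.ip_address(ip).is_private))
    return out


def find_entries(entries, needle):
    """Every entry mentioning a product, e.g. the Bodog Poker button fixed in step #2."""
    needle = needle.lower()
    return [(c, r) for c, r in entries if needle in r.lower()]


if __name__ == "__main__":
    entries = parse_hjt(HJT_SAMPLE)
    for domain, scope in trusted_zones(entries):
        print(f"Trusted zone: {domain} [{scope}]")
    for ctl in dpf_controls(entries):
        print(f"ActiveX {ctl['clsid']} ({ctl['name'] or 'no name'}) from {ctl['host']}")
    for ip, private in nameservers(entries):
        print(f"DNS {ip} private={private}")
    for code, rest in find_entries(entries, "bodog"):
        print(code, rest)
```

Run it against a full log by replacing HJT_SAMPLE with the file contents; the O16 host list is the quickest way to spot a control pulled from a domain the user does not recognise, and the O15 list shows exactly which hive each trusted-zone entry came from, so the HKLM one (machine-wide) can be fixed separately from the per-user one.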

Sorry to take so long getting back on this! My 3 logs are posted below: Thanks!

 

ComboFix 07-06-13.3 - C:\Documents and Settings\BridgetBruner\Desktop\ComboFix.exe

"BridgetBruner" - 2007-06-16 18:14:44 - Service Pack 1 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Temp\0b9

C:\Temp\0b9\tmpTF.log

C:\WINDOWS\system32\pog

C:\WINDOWS\system32\T4

 

 

((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))

 

 

2007-06-16 18:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-15 18:41 <DIR> d-------- C:\DOCUME~1\BRIDGE~1\DoctorWeb

2007-06-06 21:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

2007-05-26 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution

2007-05-24 18:52 <DIR> d-------- C:\VundoFix Backups

2007-05-22 20:49 <DIR> d--hs---- C:\UWA7P

2007-05-22 20:46 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll

2007-05-22 20:46 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007

2007-05-22 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007

2007-05-22 20:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\T6

2007-05-22 20:42 <DIR> d-------- C:\Temp

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-07 02:57:45 -------- d-----w C:\Program Files\REGSHAVE

2007-06-07 02:57:26 -------- d-----w C:\Program Files\QuickTime

2007-06-07 02:48:09 -------- d-----w C:\Program Files\iTunes

2007-06-07 02:47:18 -------- d-----w C:\Program Files\Google

2007-06-07 02:43:49 -------- d-----w C:\Program Files\Bodog Poker

2007-05-26 01:21:45 -------- d-----w C:\Program Files\Messenger

2007-05-24 23:10:10 -------- d-----w C:\Program Files\Spyware Doctor

2007-04-19 23:07:47 -------- d-----w C:\Program Files\iPod

2007-04-19 23:01:24 -------- d-----w C:\Program Files\Apple Software Update

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-05-24 08:44]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2005-11-08 17:43]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-03-09 08:55]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 C:\WINDOWS\SYSTEM32\pctspk.exe]

"@"="" []

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BridgetBruner^Start Menu^Programs^Startup^DLHelperEXE.exe]

path=C:\Documents and Settings\BridgetBruner\Start Menu\Programs\Startup\DLHelperEXE.exe

backup=C:\WINDOWS\pss\DLHelperEXE.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BridgetBruner^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=C:\Documents and Settings\BridgetBruner\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMgr.exe]

"C:\Program Files\EarthLink 5.0\conmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]

C:\Program Files\RMClient\JobHisInit.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]

C:\Program Files\RMClient\MplSetUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\MSMSGS.EXE" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"wuauserv"=2 (0x2)

"uploadmgr"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"Alerter"=3 (0x3)

"SysmonLog"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"mnmsrvc"=3 (0x3)

"Dcfssvc"=2 (0x2)

"ClipSrv"=3 (0x3)

"CiSvc"=2 (0x2)

"BITS"=3 (0x3)

"ALG"=3 (0x3)

"McTaskManager"=2 (0x2)

"McShield"=2 (0x2)

"McAfeeFramework"=2 (0x2)

 

 

Contents of the 'Scheduled Tasks' folder

2007-04-19 23:01:28 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-16 18:21:33

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-16 18:22:33

C:\ComboFix-quarantined-files.txt ... 2007-06-16 18:22

 

--- E O F ---


Oh, and I didn't delete the Bodog Poker files because I actually play poker at Bodog a couple of times a week. I hope that's okay.

 

 

Incident Status Location

 

Adware:adware/surfaccuracy Not disinfected Windows Registry

Adware:adware/ist.sidefind Not disinfected Windows Registry

Adware:adware/ucmore Not disinfected Windows Registry

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\BridgetBruner\Desktop\ComboFix.exe[nircmd.exe]

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053428.exe

Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053499.exe

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053502.exe

Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053503.exe

Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053833.exe

Adware:Adware/Zeno Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053834.exe

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053835.exe

Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053837.exe

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053851.exe

Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053855.exe

Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053857.exe

Adware:Adware/Zeno Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053859.exe

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053860.exe

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\A0053864.exe

Adware:Adware/eZula Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\backup-20060123-210537-828.dll

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\dwdsregt.exe.vir

Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\eliteunstall.exe.vir

Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\BridgetBruner\DoctorWeb\Quarantine\Yazzle1281OinAdmin.exe.vir

Adware:Adware/PurityScan Not disinfected C:\HJT\backups\backup-20070525-202741-878.dll

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@247realmedia[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@ad.yieldmanager[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@ads.pointroll[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@advertising[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@atdmt[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@bs.serving-sys[1].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@casalemedia[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@fastclick[2].txt

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@phg.hitbox[1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@questionmarket[1].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@server.iad.liveperson[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@serving-sys[1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@trafficmp[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@tribalfusion[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@zedo[1].txt

Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir

Adware:Adware/eZula Not disinfected C:\QooBox\Quarantine\C\WINDOWS\justin.exe.vir

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hggefgf.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\iiffdaa.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkkligd.dll.bad

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

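The ActiveScan results above list everything the scanner found but did not disinfect, and a responder reads such a list by where each path sits rather than by the detection name alone. The Python below is an added example, not part of this thread or of any tool named in it: it sorts "Not disinfected" lines into tracking cookies, copies already parked in another cleanup tool's quarantine folder (QooBox, VundoFix Backups) and files still in a live location that need a real look. The sample lines are copied from the log above; the quarantine-folder list, the `.vir`/`.bad` suffix rule and the verdict labels are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: six lines copied from the Panda ActiveScan results posted above.
SAMPLE_RESULTS = r"""
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@247realmedia[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\EarthLink 5.0\bbruner7@earthlink.net\Cookies\bridgetbruner@trafficmp[1].txt
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir
Adware:Adware/eZula Not disinfected C:\QooBox\Quarantine\C\WINDOWS\justin.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hggefgf.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
"""

# Line shape: "category:detection-name Not disinfected path". The detection name
# may contain spaces ("Cookie/Traffic Marketplace"), so it is matched non-greedily
# up to the literal status text; the category never contains a colon.
RESULT_RE = re.compile(r"^(?P<category>[^:]+):(?P<name>.+?) Not disinfected (?P<path>.+)$")

# Assumption: folders where other cleanup tools keep neutralised copies, and the
# renamed-file suffixes they use. A hit there is a leftover backup, not a running infection.
QUARANTINE_ROOTS = (r"c:\qoobox\quarantine", r"c:\vundofix backups")
QUARANTINE_SUFFIXES = (".vir", ".bad")


@dataclass
class Finding:
    category: str
    name: str
    path: str
    verdict: str  # "tracking cookie" | "quarantine backup" | "live file"


def classify(name: str, path: str) -> str:
    """Decide what a 'Not disinfected' line means for the person cleaning the machine."""
    if name.startswith("Cookie/"):
        return "tracking cookie"      # browser data; cleared by deleting cookies
    low = path.lower()
    if low.startswith(QUARANTINE_ROOTS) or low.endswith(QUARANTINE_SUFFIXES):
        return "quarantine backup"    # already neutralised by another tool
    return "live file"                # still on disk in a live location: review it


def triage(text: str) -> List[Finding]:
    """Parse scanner output and attach a verdict to every recognised line."""
    findings = []
    for line in text.strip().splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        findings.append(Finding(m["category"], m["name"], m["path"],
                                classify(m["name"], m["path"])))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict."""
    return dict(Counter(f.verdict for f in findings))


def needs_review(findings: List[Finding]) -> List[str]:
    """Paths that are neither cookies nor quarantine leftovers."""
    return [f.path for f in findings if f.verdict == "live file"]


if __name__ == "__main__":
    fs = triage(SAMPLE_RESULTS)
    for f in fs:
        print(f"{f.verdict:18} {f.name:28} {f.path}")
    print(summarize(fs))
    print("review:", needs_review(fs))
```

On the sample, the only path left for a human to look at is `C:\WINDOWS\nircmd.exe`; the cookies and the `.vir`/`.bad` copies are noise from earlier cleanup steps.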

ComboFix 07-06-13.3 - C:\Documents and Settings\BridgetBruner\Desktop\ComboFix.exe

"BridgetBruner" - 2007-06-29 11:26:22 - Service Pack 1 NTFS

Command switches used :: C:\Documents and Settings\BridgetBruner\Desktop\ComboFix-Do.txt

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode

C:\Program Files\Common Files\WinAntiVirus Pro 2007

C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log

C:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dll

C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll

C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcr71.dll

C:\UWA7P

C:\WINDOWS\SYSTEM32\T6

 

 

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))

 

 

2007-06-29 10:07 <DIR> d-------- C:\WINDOWS\LastGood

2007-06-16 18:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-15 18:41 <DIR> d-------- C:\DOCUME~1\BRIDGE~1\DoctorWeb

2007-06-06 21:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-27 00:49:54 -------- d-----w C:\Program Files\Dl_cats

2007-06-22 15:22:26 -------- d-----w C:\Program Files\PartyGaming

2007-06-07 02:57:45 -------- d-----w C:\Program Files\REGSHAVE

2007-06-07 02:57:26 -------- d-----w C:\Program Files\QuickTime

2007-06-07 02:48:09 -------- d-----w C:\Program Files\iTunes

2007-06-07 02:47:18 -------- d-----w C:\Program Files\Google

2007-06-07 02:43:49 -------- d-----w C:\Program Files\Bodog Poker

2007-05-26 01:21:45 -------- d-----w C:\Program Files\Messenger

2007-05-24 23:10:10 -------- d-----w C:\Program Files\Spyware Doctor

2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-05-24 08:44]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2005-11-08 17:43]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-03-09 08:55]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 C:\WINDOWS\SYSTEM32\pctspk.exe]

"@"="" []

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BridgetBruner^Start Menu^Programs^Startup^DLHelperEXE.exe]

path=C:\Documents and Settings\BridgetBruner\Start Menu\Programs\Startup\DLHelperEXE.exe

backup=C:\WINDOWS\pss\DLHelperEXE.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BridgetBruner^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=C:\Documents and Settings\BridgetBruner\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMgr.exe]

"C:\Program Files\EarthLink 5.0\conmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]

"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]

C:\Program Files\RMClient\JobHisInit.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]

C:\Program Files\RMClient\MplSetUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\MSMSGS.EXE" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"wuauserv"=2 (0x2)

"uploadmgr"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"Alerter"=3 (0x3)

"SysmonLog"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"mnmsrvc"=3 (0x3)

"Dcfssvc"=2 (0x2)

"ClipSrv"=3 (0x3)

"CiSvc"=2 (0x2)

"BITS"=3 (0x3)

"ALG"=3 (0x3)

"McTaskManager"=2 (0x2)

"McShield"=2 (0x2)

"McAfeeFramework"=2 (0x2)

 

 

Contents of the 'Scheduled Tasks' folder

2007-04-19 23:01:28 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-29 11:33:42

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-29 11:34:28

C:\ComboFix-quarantined-files.txt ... 2007-06-29 11:34

C:\ComboFix2.txt ... 2007-06-16 18:22

 

--- E O F ---


Please post a fresh HijackThis log and tell me how your system is running now!


My system seems to be running okay. The pop-ups stopped a while ago. Anything else I need to do? Thanks for your help!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 3:38:31 PM, on 7/9/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www1.priv.cmls.xmlsweb.com/XMLSearch/XMLCache.CAB

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topproduceronline.com/Downloads/arview2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/ibdc/da...timage40930.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/insta...tector-Free.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0522FD6-940C-4953-A325-2AE11C350E52}: NameServer = 10.10.70.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

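Reading a HijackThis log by eye works for one machine, but the sections have a regular shape that can be parsed and checked mechanically. The Python below is an added example, not this thread's or HijackThis's own code: it pulls the section code, CLSID, path and URL out of each line and then runs three small defender checks, whether the O17 name server is a private (RFC 1918) address, which hosts the O16 ActiveX downloads (DPF) were fetched from, and which O4 autoruns reference a bare file name that Windows has to locate through its search order rather than a fixed path. The sample lines are copied from the log above; the `HjtEntry` structure and the check names are my own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: seven lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.prucar.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www1.priv.cmls.xmlsweb.com/XMLSearch/XMLCache.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0522FD6-940C-4953-A325-2AE11C350E52}: NameServer = 10.10.70.1
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class HjtEntry:
    section: str
    body: str
    name: Optional[str] = None   # autorun value name (O4 only)
    clsid: Optional[str] = None
    url: Optional[str] = None
    path: Optional[str] = None


def _command_path(cmd: str) -> str:
    """Executable part of an autorun command: a quoted path, or the text before the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[HjtEntry]:
    """Turn HijackThis lines into structured entries; lines without a section code are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = HjtEntry(m["section"], m["body"])
        c = CLSID_RE.search(e.body)
        if c:
            e.clsid = c.group(0)
        u = URL_RE.search(e.body)
        if u:
            e.url = u.group(0)
        if e.section == "O4":
            m4 = O4_RE.match(e.body)
            if m4:
                e.name = m4["name"]
                e.path = _command_path(m4["cmd"])
        elif e.section in ("O2", "O3", "O9", "O20", "O23"):
            e.path = e.body.rsplit(" - ", 1)[-1]   # path is always the last " - " field
        entries.append(e)
    return entries


def nameservers(entries: List[HjtEntry]) -> List[Tuple[str, bool]]:
    """(address, is_private) for every O17 name server. On a home LAN the resolver
    is normally the router's private address; a public one deserves a question."""
    out = []
    for e in entries:
        if e.section != "O17":
            continue
        m = O17_RE.search(e.body)
        if not m:
            continue
        for addr in m["servers"].split(","):
            addr = addr.strip()
            try:
                out.append((addr, ipaddress.ip_address(addr).is_private))
            except ValueError:
                out.append((addr, False))   # not an IP literal: do not treat as trusted
    return out


def dpf_hosts(entries: List[HjtEntry]) -> List[str]:
    """Hosts the O16 (Download Program Files) ActiveX controls came from."""
    return [urlparse(e.url).hostname for e in entries if e.section == "O16" and e.url]


def bare_name_autoruns(entries: List[HjtEntry]) -> List[str]:
    """O4 autoruns whose command has no directory, so the binary is found by search order."""
    return [e.name for e in entries if e.section == "O4" and e.path and "\\" not in e.path]


if __name__ == "__main__":
    es = parse_hjt(SAMPLE_HJT)
    for e in es:
        print(e.section, e.name or "", e.clsid or "", e.path or e.url or "")
    print("name servers:", nameservers(es))
    print("DPF hosts:", dpf_hosts(es))
    print("autoruns with bare file name:", bare_name_autoruns(es))
```

The checks are deliberately factual rather than verdicts: a private name server, a known download host and a full path are what a clean log like the one above should show, and anything else is a pointer to what to look at next, not proof of infection.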

This log looks clean!

  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading, deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

  • To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    1. Turn off System Restore.
      • On the Desktop, right-click My Computer.
      • Click Properties.
      • Click the System Restore tab.
      • Check "Turn off System Restore".
      • Click Apply, and then click OK.

    2. Reboot your computer.

    3. Turn ON System Restore.
      • On the Desktop, right-click My Computer.
      • Click Properties.
      • Click the System Restore tab.
      • UN-Check "Turn off System Restore".
      • Click Apply, and then click OK.

  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

 

Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

 

Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

 

This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. If you are running Windows XP make sure you get updated to SP-2!!

 

Please post back if you are still having any problems....

 



Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
