TheTechGuide Forum
General Category => Tech Clinic => Topic started by: deighan2004 on October 30, 2006, 08:12:13 PM
-
Guestolo, I was wondering if you can help me? I've tried AVG Pro, Ad-Aware, Registry Mechanic and Spyware Remover, both in safe mode and normal mode, but can't get rid of some little yellow thing in the bottom right of my computer which is always bringing up pop-ups for anti-viruses, porn sites etc.
Also, every time I right-click to paste something, or every now and again, Roxio Easy Media Creator tries to install????
Anyway, would really really appreciate some help. Thanks very much mate
Regards
Paddy
Logfile of HijackThis v1.99.1
Scan saved at 00:58:41, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - blank (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email (http://\"http://by111fd.bay111.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39114087-D037-441A-86E4-FFAB57148C1B}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Did you pay for Spyware Terminator?
I don't like to recommend it. If you didn't pay for it, can you uninstall it from Add/Remove Programs please.
I'll get you other free tools that do a better job.
Reboot your computer.
Come back here and post all of the following logs.
1. Post a fresh HijackThis log.
2. Download the latest version of SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri).
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
3. Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to your desktop.
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Post the log from ComboFix please.
-
Thanks very much for getting back to me. I removed Spyware Terminator.
Here are the logs you asked for.
1:
Logfile of HijackThis v1.99.1
Scan saved at 12:31:19, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - blank (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email (http://\"http://by111fd.bay111.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
2:
SmitFraudFix v2.117
Scan done at 12:36:53.57, 01/11/2006
Run from C:\Documents and Settings\paddy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\a.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paddy
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paddy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\paddy\FAVORI~1
C:\DOCUME~1\paddy\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\VideoCompressionCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="http://newsimg.bbc.co.uk/media/images/41033000/jpg/_41033756_treble-getty416.jpg"
"SubscribedURL"="http://newsimg.bbc.co.uk/media/images/41033000/jpg/_41033756_treble-getty416.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
3:
paddy - 06-11-01 12:22:24.46 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\paddy\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\msmovies
C:\Program Files\network monitor
C:\Program Files\Common Files\{E86EFAA3-0AE9-1033-0721-03062403002c}
((((((((((((((((((((((((((((((( Files Created from 2006-10-01 to 2006-11-01 ))))))))))))))))))))))))))))))))))
2006-10-24 09:50 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-10-24 09:50 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-10-24 09:50 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-10-24 09:50 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-24 09:50 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-24 09:50 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-24 09:50 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-10-24 09:50 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-24 09:42 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-13 10:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-01 22:23 706,048 --a------ C:\WINDOWS\system32\libmcl-3.1.1.dll
2006-10-01 22:23 3,423,744 --a------ C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2006-10-01 22:23 20,480 --a------ C:\WINDOWS\system32\libavi-dd-1.2.0.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-01 12:23 -------- d-------- C:\Program Files\Common Files
2006-11-01 11:19 -------- d-------- C:\Documents and Settings\paddy\Application Data\AVG7
2006-10-30 14:29 -------- d-------- C:\Program Files\32RedMPP
2006-10-30 14:08 -------- d-------- C:\Documents and Settings\paddy\Application Data\Microgaming
2006-10-29 23:11 -------- d-------- C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
2006-10-29 21:11 -------- d-------- C:\Program Files\Spyware Terminator
2006-10-29 16:17 -------- d-------- C:\Program Files\eMule
2006-10-29 14:31 -------- d-------- C:\Program Files\QuickTime
2006-10-25 10:17 -------- d-------- C:\Program Files\VideoCompressionCodec
2006-10-24 09:58 -------- d-------- C:\Documents and Settings\paddy\Application Data\MailFrontier
2006-10-24 09:50 -------- d-------- C:\Program Files\Zone Labs
2006-10-24 09:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 14:48 -------- d-------- C:\Program Files\Registry Mechanic
2006-10-22 14:45 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-18 17:35 -------- d-------- C:\Program Files\Boilsoft AVI Converter
2006-10-18 17:15 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-10-18 13:16 -------- d-------- C:\Program Files\Nero
2006-10-18 13:16 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-18 08:26 -------- d-------- C:\Program Files\Ahead
2006-10-15 15:18 -------- d-------- C:\Documents and Settings\paddy\Application Data\Free Download Manager
2006-10-14 19:58 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 17:31 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-13 10:00 816288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-09 12:52 -------- d-------- C:\Documents and Settings\paddy\Application Data\uTorrent
2006-10-09 00:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Sun
2006-10-06 23:37 -------- d-------- C:\Program Files\Java
2006-10-02 21:12 -------- d-------- C:\Program Files\Paddy Power Poker
2006-09-25 15:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan1
2006-09-25 13:00 -------- d-------- C:\Program Files\MSN Messenger
2006-09-23 10:39 -------- d-------- C:\Documents and Settings\paddy\Application Data\Rocky2t6
2006-09-20 00:12 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-09-19 23:37 -------- d-------- C:\Documents and Settings\paddy\Application Data\Vso
2006-09-19 01:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Nero
2006-09-18 10:32 34 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.log
2006-09-18 10:31 81920 --a------ C:\Documents and Settings\paddy\Application Data\ezpinst.exe
2006-09-18 10:31 7176 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.cat
2006-09-18 10:31 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-18 10:31 47360 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.sys
2006-09-18 10:31 1144 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.inf
2006-09-18 10:31 -------- d-------- C:\Program Files\vso
2006-09-16 19:45 -------- d-------- C:\Program Files\Cucusoft
2006-09-16 17:43 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan
2006-09-15 11:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\Roxio
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 19:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-12 19:02 -------- d-------- C:\Documents and Settings\paddy\Application Data\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 23:27 -------- d-------- C:\Program Files\WinRAR
2006-09-11 22:22 -------- d-------- C:\Documents and Settings\paddy\Application Data\.ABC
2006-09-08 17:26 4222516 --a------ C:\ABC-win32-v3.1.exe
2006-09-08 15:47 -------- d-------- C:\Program Files\MP3 Rocket
2006-09-08 15:47 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-06 11:15 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-06 01:25 -------- d-------- C:\Program Files\MP3 Player Utilities 1.51
2006-09-06 00:43 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-06 00:42 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-05 23:06 -------- d-------- C:\Program Files\CleanUp!
2006-09-05 20:31 448593 --ahs---- C:\WINDOWS\system32\yycdd.bak1
2006-09-04 21:00 -------- d-------- C:\Documents and Settings\paddy\Application Data\Seven Zip
2006-09-01 15:41 -------- d-------- C:\Documents and Settings\paddy\Application Data\Ahead
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"RegistryMechanic"="C:\\Program Files\\Registry Mechanic\\RegMech.exe /QS"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="http://newsimg.bbc.co.uk/media/images/41033000/jpg/_41033756_treble-getty416.jpg"
"SubscribedURL"="http://newsimg.bbc.co.uk/media/images/41033000/jpg/_41033756_treble-getty416.jpg"
"FriendlyName"=""
"Flags"=dword:00001001
"Position"=hex:2c,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,a0,01,00,00,2c,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ae,06,41,c0,b4,74,a8,6f,7a,01,68,de,ae,06,20,6d,\
ae,06,08,09,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\VideoCompressionCodec\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-01 12:23:50.64
C:\ComboFix.txt ... 06-11-01 12:23
That's all the logs, hope you can help.
Thanks, Guestolo
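As an added example (not part of this thread, and not code from HijackThis, SmitfraudFix or ComboFix), a small Python triage script that parses HijackThis-style log lines and flags the indicators Paddy's logs surfaced: a BHO with no name whose file is missing, a service with an unknown owner, and any process or entry living under the folder SmitfraudFix reported as infected. The sample lines are copied from the logs above; the Entry record, the regexes and the triage rules are my own construction.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# including the running process that the SmitfraudFix report later traced to an
# infected folder. Not a full log; just enough to exercise each branch below.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - blank (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Folder the SmitfraudFix "Search" report in this thread marked "FOUND !".
FLAGGED_DIRS = [r"C:\Program Files\VideoCompressionCodec"]


@dataclass
class Entry:
    kind: str   # "process", or the HijackThis item type: "O2", "O4", "O23", ...
    name: str   # BHO / Run-value / service name; "" for a process line
    path: str   # first absolute file path in the line, "" if none
    raw: str


PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
ITEM_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# First "X:\...\file.ext" in a field, stopping at the extension so trailing
# switches such as " /STARTUP" or " -atboottime" are not swallowed.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cab|url))', re.IGNORECASE)


def _name_of(kind: str, body: str) -> str:
    """Pull the human-readable name out of the item types this thread's logs use."""
    if kind == "O2":        # BHO: <name> - {CLSID} - <path>
        m = re.match(r"BHO: (.*?) - \{", body)
    elif kind == "O4":      # <hive>\..\Run: [<name>] <command>
        m = re.search(r"\[(.*?)\]", body)
    elif kind == "O23":     # Service: <name> - <owner> - <path>
        m = re.match(r"Service: (.*?) - ", body)
    else:
        m = None
    return m.group(1) if m else ""


def parse_hjt(text: str) -> List[Entry]:
    """Turn HijackThis log text into Entry records; headers and blank lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PROCESS_RE.match(line):
            entries.append(Entry("process", "", line, line))
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        pm = PATH_RE.search(body)
        entries.append(Entry(kind, _name_of(kind, body), pm.group(1) if pm else "", line))
    return entries


def triage(entries: List[Entry], flagged_dirs: List[str] = FLAGGED_DIRS) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for the indicators that surfaced in this thread."""
    prefixes = [d.lower().rstrip("\\") + "\\" for d in flagged_dirs]
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.kind == "O2" and ("(file missing)" in e.raw or e.name == "(no name)"):
            findings.append((e, "BHO with no name or a missing file: orphaned or deliberately hidden add-on"))
        if e.kind == "O23" and "Unknown owner" in e.raw:
            findings.append((e, "service with no vendor string: verify the binary before trusting it"))
        if e.path and any(e.path.lower().startswith(p) for p in prefixes):
            findings.append((e, "path is under a folder SmitfraudFix reported as infected"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{entry.kind}] {entry.name or entry.path}: {reason}")
```

A hit from this script is a prompt to look closer, not a verdict: spkrmon here is a legitimate SoundMAX component that merely lacks a vendor string, which is exactly why the helper asks for the full logs rather than acting on one line.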
-
Sorry for the delay, can I have you do the following please.
You can go ahead and delete this leftover folder:
C:\Program Files\Spyware Terminator
I see you have AVG AntiVirus installed; can I also have you install its sister program.
Download >> Install AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/) from Ewido Networks.
- Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Close it afterwards, as we will need it later.
Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
We'll need it later.
We should update your version of Sun Java to plug up security holes that malware can exploit.
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 (http://java.sun.com/javase/downloads/index.jsp)
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation Multi-language
Save the file to your Desktop.
Don't install it yet
Access your Add/remove programs via Control Panel
Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).
e.g. J2SE Runtime Environment 5.0 Update 6
It should have the following icon next to it: (http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif)
Select it and click Remove on any found
VundoFix.exe
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
Then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
Once in safe mode
* Clean your Cache and Cookies in IE:
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, Click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Cache).
- Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other temporary files + Recycle Bin:
- Go to Start > Run and type: cleanmgr and click OK.
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.
Open the SmitfraudFix folder you extracted to your desktop earlier.
- Double-click smitfraudfix.cmd
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default it is saved at C:\rapport.txt
If a reboot was required, reboot normally, then back to safe mode
If no reboot was required, remain in safe mode
AVG-AntiSpyware Scan
- Load AVG-Antispyware and Select the "Scanner" tab
- Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete, let it run uninterrupted
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- An AVG icon will be placed in your system tray next to your clock, can you right-click on it and uncheck both "Resident Shield" and "Start with Windows"
Reboot the computer back to Normal windows
Back in Windows
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Go ahead and install the latest version of Sun java from the installer on your desktop
After installation you can delete the installer
Can you post back the following please
1. Post a fresh hijackthis log
2. Post the whole report from AVG-Antispyware
3. The report from Smitfraudfix>>C:\Rapport.txt
4. The report from Vundofix>>C:\Vundofix.txt
-
Thanks very much for getting back to me
VundoFix didn't find anything but everything else seems to have gone well, haven't had a pop-up since I came out of safe mode!!!
cheerz mate
Logfile of HijackThis v1.99.1
Scan saved at 17:42:58, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\32RedMPP\MPPoker.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39114087-D037-441A-86E4-FFAB57148C1B}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:24:38 03/11/2006
+ Scan result:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\rk.bin -> Adware.RK : No action taken.
C:\Program Files\Common Files\mrok\mrokd\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
::Report end
SmitFraudFix v2.117
Scan done at 13:40:48.60, 03/11/2006
Run from C:\Documents and Settings\paddy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\paddy\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VideoCompressionCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
VundoFix V6.2.6
Checking Java version...
Sun Java not detected
Scan started at 13:20:44 03/11/2006
Listing files found while scanning....
No infected files were found.
ONCE AGAIN U HAVE SAVED THE DAY IT SEEMS!!!!!!!!!!!!!!!!!!!!!!!!
HAPPY DAYZ!!!!!!!!!!!!!!!1
-
Can you run another scan with AVG-Antispyware please
You didn't follow the complete instructions; make sure to check for updates ahead of time
Notice the part about changing the recommended action to Quarantine
- Load AVG-Antispyware and do a manual update
- Select the "Scanner" tab
- Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete, let it run uninterrupted
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Reboot the computer
Come back here and post the fresh report from AVG please
-
i will post back asap
-
Guestolo, this is the AVG log. I can't get onto this website from my computer in the house, something's blocking me from getting on it, the website just says error
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 15:55:58 08/11/2006
+ Scan result:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\rk.bin -> Adware.RK : No action taken.
C:\Program Files\Common Files\mrok\mrokd\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\HRRLFTJW\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\O92VW5U7\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\paddy\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
::Report end
-
I don't think you're getting it
Notice the following in bold
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
Your "No action taken" means you're not following the instructions I posted when running AVG-Antispyware
and everything found by AVG has No action taken
Notice what I said here
# Select the "Scanner" tab
# Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
You're missing a step
So you're not letting AVG quarantine any items
Do you want to try again?
Or we can manually try and fix these
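The check made above by eye (every finding in the pasted reports ends in "No action taken", so nothing was quarantined) can be done mechanically. The block below is an added Python example written for this thread; it is not AVG's code and not something either poster ran. The line format `<location> -> <detection> : <action>.` is taken from the reports pasted in the thread, and the sample report inside the block is constructed, with made-up paths, GUID and detection names.

```python
"""Triage an AVG Anti-Spyware style scan report: which findings were
actually quarantined or cleaned, and which were merely listed as
'No action taken'.

Added example for this thread, not part of AVG or the original post.
Line format inferred from the reports pasted above:
    <location> -> <detection name> : <action>.
"""
import re
from collections import Counter

# Constructed sample report in the same layout as the thread's reports.
# Paths, GUID and detection names are made up for illustration.
SAMPLE_REPORT = """\
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:00:00 01/01/2006
+ Scan result:
HKU\\.DEFAULT\\Software\\Example\\Ext\\Stats\\{00000000-0000-0000-0000-000000000000} -> Adware.Example : No action taken.
C:\\WINDOWS\\system32\\example.bin -> Adware.Example : No action taken.
C:\\Documents and Settings\\user\\Cookies\\user@tracker[1].txt -> TrackingCookie.Tracker : Cleaned.
C:\\Documents and Settings\\user\\Local Settings\\Temp\\popup[1].htm -> Hijacker.Example : Quarantined.
::Report end
"""

# One finding per line: location, arrow, detection name, colon, action, full stop.
FINDING_RE = re.compile(
    r"^(?P<location>.+?) -> (?P<detection>\S+) : (?P<action>[^.]+)\.$"
)

REGISTRY_PREFIXES = ("HKU\\", "HKLM\\", "HKCU\\", "HKEY_")


def parse_report(text):
    """Return one dict per finding; headers, separators and the end marker are skipped."""
    findings = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if m is None:
            continue
        location = m.group("location")
        findings.append({
            "location": location,
            "detection": m.group("detection"),
            "action": m.group("action").strip(),
            "kind": "registry" if location.startswith(REGISTRY_PREFIXES) else "file",
        })
    return findings


def unresolved(findings):
    """Findings the scanner only reported, i.e. nothing was quarantined or cleaned."""
    return [f for f in findings if f["action"].lower() == "no action taken"]


def action_summary(findings):
    """Count findings per action, e.g. {'No action taken': 2, 'Cleaned': 1}."""
    return dict(Counter(f["action"] for f in findings))


def scan_applied_actions(findings):
    """True only when every finding has an action other than 'No action taken'."""
    return bool(findings) and not unresolved(findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(action_summary(found))
    for f in unresolved(found):
        print("still present:", f["kind"], f["location"], "->", f["detection"])
    print("actions applied:", scan_applied_actions(found))
```

Run against a pasted report, `scan_applied_actions` returning False is the same signal the helper spotted: the scanner's action was left at the default (or "Apply all actions" was never clicked), so the items are still on disk and in the registry and the scan has to be rerun with Quarantine set.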
-
I DEFINITELY changed the recommended settings to quarantine. I'm also about 99% sure that I clicked apply all actions!!!
I'll try it again and post log back
cheers
-
p.s. when I try to download updates AVG just says that no updates are available. I'll go to my computer at home and give it another go and post back a fresh AVG log
-
This is the most recent report I done. The previous report was saved BEFORE I deleted the viruses, forgot to save it after I 'applied all actions', sorry about that.
Also Roxio Easy Media Creator keeps trying to install on my computer. Anyway here's the report
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 15:43:21 09/11/2006
+ Scan result:
C:\Documents and Settings\paddy\Cookies\paddy@com[1].txt -> TrackingCookie.Com : Cleaned.
::Report end
-
REMOVED
-
Can you post me 2 other logs
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
+Run combofix one more time and post the fresh log it produces
-
Here
Here's the 2 logs, cheerz guestolo
µTorrent
32Red Poker
Ad-Aware SE Personal
Adobe Reader 7.0.5
Allok AVI MPEG Converter 2.0.2
AVG Anti-Spyware 7.5
AVG Anti-Virus 7.1
AVS Video Tools 5.3
Boilosft AVI to VCD SVCD DVD Converter 3.61
CleanUp!
Command & Conquer Tiberian Sun
ConvertXtoDVD 2.1.0
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Dell ResourceCD
DivX
DivX Player
eMule
Football Manager 2005
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 9
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic DVD Creator Trial Version (English) 7.9.0.3
Microsoft Office Professional Edition 2003
MP3 Player Utilities 1.51
MSXML 4.0 SP2 (KB925672)
NVIDIA Windows 2000/XP Display Drivers
Pacific Poker
Paddy Power Poker
QuickSnooker
Registry Mechanic 5.2
Roxio Easy Media Creator 7.5 Trial
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sony Ericsson PC Suite
SoundMAX
SpeedTouch USB Software
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm Security Suite
paddy - 06-11-10 18:43:20.40 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\paddy\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))
2006-11-09 01:46 719,872 --a------ C:\WINDOWS\system32\devil.dll
2006-11-09 01:46 308,224 --a------ C:\WINDOWS\system32\avisynth.dll
2006-11-03 12:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-01 12:36 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-01 12:36 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-01 12:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-01 12:36 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-24 09:50 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-10-24 09:50 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-10-24 09:50 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-10-24 09:50 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-24 09:50 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-24 09:50 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-24 09:50 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-10-24 09:50 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-24 09:42 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-13 10:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-10 18:45 -------- d-------- C:\Documents and Settings\paddy\Application Data\uTorrent
2006-11-10 18:30 -------- d-------- C:\Program Files\32RedMPP
2006-11-10 18:27 -------- d-------- C:\Documents and Settings\paddy\Application Data\Microgaming
2006-11-10 18:08 -------- d-------- C:\Program Files\Magic DVD Creator
2006-11-10 12:05 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-10 11:34 -------- d-------- C:\Documents and Settings\paddy\Application Data\AVG7
2006-11-09 19:43 -------- d-------- C:\Program Files\PacificPoker
2006-11-09 16:06 -------- d-------- C:\Program Files\Registry Mechanic
2006-11-09 13:38 -------- d-------- C:\Program Files\eMule
2006-11-09 01:46 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-11-09 01:34 -------- d-------- C:\Program Files\Common Files\MagicDVDRipper
2006-11-09 01:34 -------- d-------- C:\Program Files\Common Files
2006-11-09 00:08 -------- d-------- C:\Program Files\MSN Messenger
2006-11-08 16:04 -------- d-------- C:\Program Files\Ahead
2006-11-05 15:03 -------- d-------- C:\Program Files\uTorrent
2006-11-03 17:34 -------- d-------- C:\Program Files\Java
2006-11-03 17:33 -------- d-------- C:\Program Files\Common Files\Java
2006-11-03 12:58 -------- d-------- C:\Program Files\Grisoft
2006-11-03 12:51 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-29 23:11 -------- d-------- C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
2006-10-29 14:31 -------- d-------- C:\Program Files\QuickTime
2006-10-24 09:58 -------- d-------- C:\Documents and Settings\paddy\Application Data\MailFrontier
2006-10-24 09:50 -------- d-------- C:\Program Files\Zone Labs
2006-10-24 09:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 14:45 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-18 17:35 -------- d-------- C:\Program Files\Boilsoft AVI Converter
2006-10-18 17:15 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-10-18 13:16 -------- d-------- C:\Program Files\Nero
2006-10-15 15:18 -------- d-------- C:\Documents and Settings\paddy\Application Data\Free Download Manager
2006-10-14 19:58 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 17:31 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-09 00:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Sun
2006-10-02 21:12 -------- d-------- C:\Program Files\Paddy Power Poker
2006-09-25 15:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan1
2006-09-23 10:39 -------- d-------- C:\Documents and Settings\paddy\Application Data\Rocky2t6
2006-09-20 00:12 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-09-19 23:37 -------- d-------- C:\Documents and Settings\paddy\Application Data\Vso
2006-09-19 01:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Nero
2006-09-18 10:32 34 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.log
2006-09-18 10:31 81920 --a------ C:\Documents and Settings\paddy\Application Data\ezpinst.exe
2006-09-18 10:31 7176 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.cat
2006-09-18 10:31 47360 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.sys
2006-09-18 10:31 1144 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.inf
2006-09-18 10:31 -------- d-------- C:\Program Files\vso
2006-09-16 19:45 -------- d-------- C:\Program Files\Cucusoft
2006-09-16 17:43 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan
2006-09-15 11:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\Roxio
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 19:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-12 19:02 -------- d-------- C:\Documents and Settings\paddy\Application Data\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 23:27 -------- d-------- C:\Program Files\WinRAR
2006-09-11 22:22 -------- d-------- C:\Documents and Settings\paddy\Application Data\.ABC
2006-09-08 17:26 4222516 --a------ C:\ABC-win32-v3.1.exe
2006-09-05 20:31 448593 --ahs---- C:\WINDOWS\system32\yycdd.bak1
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"RegistryMechanic"="C:\\Program Files\\Registry Mechanic\\RegMech.exe /QS"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NWEReboot"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the \'Scheduled Tasks\' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-10 18:46:19.00
C:\ComboFix.txt ... 06-11-10 18:46
C:\ComboFix2.txt ... 06-11-01 12:23
-
Can you Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Find and delete this file
C:\WINDOWS\system32\yycdd.bak1 <file
"Also Roxio Easy Media Creator keeps trying to install on my computer. Anyway here's the report"
In your add/remove list
You appear to have
Roxio Easy Media Creator 7.5 Trial installed?
Is that what keeps trying to install, have you tried uninstalling it from add/remove programs?
Do you want it installed
It's only the trial version
We can use the Windows Cleanup utility to probably stop from reinstalling
Let me know the above please
-
I deleted this file,
C:\WINDOWS\system32\yycdd.bak1 <file
I've tried removing Roxio from add/remove programs but it just says,
''could not open the Certificate Reading DLL''
then,
''there was a problem authenticating your version. Please make sure your system is set to the current date''
I don't think I can use the Roxio free version to burn DVDs so could we just remove it then please. Also when I right-click my mouse to delete stuff from desktop or move to another folder Roxio tries to install itself on my computer, that's what I meant by it keeps trying to install itself.
I also can't remove 'Paddy Power Poker' for some reason even though it's not actually installed on my computer.
Cheerz guestolo
-
Can you do the following for me please
Download>>Save and install Windows Installer Cleanup Utility (http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe)
After installation
Go to START>>Programs
Run Windows Install Cleanup Utility
Let me know what you see in the list referring to
ROXIO
Also, I doubt you will find it, but see if Paddy Poker shows as well
If it doesn't show
Can you open Hijackthis>>Open Misc tools section>>Open Uninstall manager
Highlight 'Paddy Power Poker'
On the right hand side
Copy>>paste back here the whole entry beside Uninstall Command
-
Windows Installer just said this beside Roxio,
''(All Users) Roxio Easy Media Creator 7.5 Trial (7.5.0.47)''
Should I remove this?
This is the Paddy Power entry in HijackThis
C:\PROGRA~1\PADDYP~1\UNWISE.EXE C:\PROGRA~1\PADDYP~1\INSTALL.LOG
This is the Roxio entry in HijackThis
MsiExec.exe /I{BF39E1F8-2AFB-451F-BD19-AB9616B3BF74}
Wasn't sure if you wanted this again but here's the whole uninstall list, cheerz guestolo
µTorrent
32Red Poker
Ad-Aware SE Personal
Adobe Reader 7.0.5
Allok AVI MPEG Converter 2.0.2
AVG Anti-Spyware 7.5
AVG Anti-Virus 7.1
AVS Video Tools 5.3
Boilosft AVI to VCD SVCD DVD Converter 3.61
CleanUp!
Command & Conquer Tiberian Sun
ConvertXtoDVD 2.1.0
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Dell ResourceCD
DivX
DivX Player
eMule
Football Manager 2005
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 9
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic DVD Creator Trial Version (English) 7.9.0.3
Microsoft Office Professional Edition 2003
MP3 Player Utilities 1.51
MSXML 4.0 SP2 (KB925672)
NVIDIA Windows 2000/XP Display Drivers
Pacific Poker
Paddy Power Poker
QuickSnooker
Registry Mechanic 5.2
Roxio Easy Media Creator 7.5 Trial
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sony Ericsson PC Suite
SoundMAX
SpeedTouch USB Software
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm Security Suite
-
Does anything happen when you go to START>>RUN
Copy>>paste the following in the open field
C:\PROGRA~1\PADDYP~1\UNWISE.EXE C:\PROGRA~1\PADDYP~1\INSTALL.LOG
Don't click OK yet
Instead, close all browser windows, including this one, then click OK
Does the program uninstall?
If not, we'll try the manual method
Regardless of the above
Run Windows Install Cleanup utility again
Highlight ONLY
(All Users) Roxio Easy Media Creator 7.5 Trial (7.5.0.47)
Then click REMOVE
Reboot your computer
You should be able to remove the following folders
C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
C:\Documents and Settings\paddy\Application Data\Roxio
Let me know if PaddyPoker uninstalled
-
Typed the below into START>>RUN but it said could not open
C:\PROGRA~1\PADDYP~1\UNWISE.EXE C:\PROGRA~1\PADDYP~1\INSTALL.LOG
Ran Windows Install Cleanup utility and removed
(All Users) Roxio Easy Media Creator 7.5 Trial (7.5.0.47)
Rebooted computer and removed
C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
C:\Documents and Settings\paddy\Application Data\Roxio
This completely removed Roxio but Paddy Power was still there, so I removed Paddy Power using HijackThis > Misc Tools > Uninstall list and also removed it from Program Files, so both Paddy Power and Roxio seem to have gone!!
The computer has speeded up a little but I still can't get into thetechguide.com/forum. I have to use other people's computers. I can get into thetechguide.com but when I click on forum it just gives me this message below:
Board Message
Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.
The error returned was:
Sorry, you are not permitted to use this board
You are not logged in, you may log in below
I try to log on but it doesn't change!! Thanks again for your help
-
Can you try the following
* Clean your Cache and Cookies in IE:
- Close all instances of IE or OE
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, Click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Cache).
- Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
- Go to Start > Run and type: cleanmgr and click OK.
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.
After you do the above
You have CleanUp! installed>>Can you run it
Reboot the computer afterwards
Come back here and try and login, any luck?
You appear to have other user names on this forum
Do you have any trouble trying to login under another name?
-
Done all that, still can't get in on my computer. I'm logged on this computer (my girlfriend's) and have ticked 'keep me signed in'; would that stop me getting on from my computer?
I was registered to this site before but I can't remember my user name, password or even what email I used!! Would that stop me getting on?
How does my computer look now, is it pretty clean from viruses? It is running a bit slow at the minute, don't know why. I bought Nero 7 and couldn't get it installed; the guy in the shop reluctantly gave me a new disc and said it would be viruses on my computer stopping it from installing properly. Do you think it would be ok to try the new disc yet?
-
Try and log off your username on this computer
Then try and login with the other computer
I'll ask Josetann to look at this post later
Also, for a double check
Use INTERNET EXPLORER
Run an online virus scan at Kaspersky's
Accept the prompt at the Welcome screen
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
***Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
***Scan Options:
Scan Archives
Scan Mail Bases
- Click OK
- Now under select a target to scan:
Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
***Now click on the Save as Text button:
- Save the file to your desktop.
* Copy and paste that information in your next post
Also post a fresh Hijackthis log
-
I logged out on my girlfriend's computer and tried to log in on the computer at home but still couldn't get in. I'll give Kaspersky a go and post back results later and also a HijackThis log as soon as I get home.
Thanks guestolo
-
Here's the logs, sorry about the delay
Logfile of HijackThis v1.99.1
Scan saved at 10:48:25, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39114087-D037-441A-86E4-FFAB57148C1B}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 22, 2006 10:46:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/11/2006
Kaspersky Anti-Virus database records: 243745
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 54877
Number of viruses found: 2
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\paddy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Desktop\PAT UNIVERSITY\FINAL YEAR\New Folder\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\PAT UNIVERSITY\FINAL YEAR\New Folder\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\paddy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\History\History.IE5\MSHist012006112120061122\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\History\History.IE5\MSHist012006112220061123\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Temp\~DF729B.tmp Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\KR3TTBZO\pacificpoker[1].exe Infected: not-a-virus:AdWare.Win32.Casino.r skipped
C:\Documents and Settings\paddy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\paddy\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\N-WLVCMW3HKQ19W.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F028F0BD-F621-43BB-ABA5-DE03FAA52AA0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT00930.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0093d.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
-
So does everything look ok?
-
I know you probably haven't had time but could you have a look at this for me when you get a chance guestolo??
Thanks very much
-
The logs look good, you may just want to clean your temp folders
How is everything on your end?
I noticed you're running AVG Anti-Virus and also running ZoneAlarm Security Suite
And it appears that ZoneAlarm has its own AV
I don't recommend running more than one active AV's real-time protection in the background
This can cause system slowdowns and conflicts
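An added example, not part of the original thread or of Kaspersky's tools: a small Python triage script for the Online Scanner report format posted above, which separates real detections from "Object is locked skipped" entries and from not-a-virus riskware/adware hits (the SmitfraudFix Reboot.exe and the cached poker installer), which is why a report like that one reads as clean. The sample lines are constructed from the entries in that report; the category names and triage wording are this example's own.

```python
"""Triage a Kaspersky Online Scanner text report (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# One regex per line shape in the report. Paths may contain spaces, so the
# path group is non-greedy and anchored by the status text that follows it.
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?)\s+[A-Z0-9]+:\s+infected\s+-\s+\d+\s+skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+skipped$")

@dataclass
class Finding:
    path: str
    detection: str          # full name, e.g. not-a-virus:AdWare.Win32.Casino.r
    category: str           # "malware", "riskware" or "adware"
    in_archive: bool        # hit is a member inside an archive (path has '/')
    in_browser_cache: bool  # sits in IE's Temporary Internet Files

@dataclass
class Report:
    findings: List[Finding]
    archives: List[str]     # archives summarised as "<KIND>: infected - n"
    locked: List[str]       # files the scanner could not open; not detections

def classify(detection: str) -> str:
    """Coarse category: anything not prefixed not-a-virus: is real malware."""
    if not detection.startswith("not-a-virus:"):
        return "malware"
    family = detection.split(":", 1)[1]
    return "adware" if family.startswith("AdWare.") else "riskware"

def parse_report(text: str) -> Report:
    report = Report(findings=[], archives=[], locked=[])
    for raw in text.splitlines():
        line = raw.strip()
        if m := INFECTED_RE.match(line):
            path, name = m.group("path"), m.group("name")
            report.findings.append(Finding(
                path=path,
                detection=name,
                category=classify(name),
                in_archive="/" in path,  # archive members are joined with '/'
                in_browser_cache="Temporary Internet Files" in path,
            ))
        elif m := ARCHIVE_RE.match(line):
            report.archives.append(m.group("path"))
        elif m := LOCKED_RE.match(line):
            report.locked.append(m.group("path"))
        # header, statistics and blank lines match nothing and are ignored
    return report

def summarize(report: Report) -> Dict[str, int]:
    counts = {"malware": 0, "riskware": 0, "adware": 0}
    for f in report.findings:
        counts[f.category] += 1
    return counts

def triage_note(f: Finding) -> str:
    """Defender's reading of one hit; the wording is this example's own."""
    if f.category == "malware":
        return "active malware: investigate and remove"
    if f.in_browser_cache:
        return "cached download: cleared by emptying Temporary Internet Files"
    if f.category == "riskware":
        return "tool component flagged as riskware: confirm its source, then ignore or delete the tool"
    return "adware on disk: uninstall the program that dropped it"

# Constructed sample using the line shapes from the report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\KR3TTBZO\pacificpoker[1].exe Infected: not-a-virus:AdWare.Win32.Casino.r skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""
```

Calling `parse_report(SAMPLE_REPORT)` and then `summarize` on the result gives no malware, two riskware hits and one adware hit, with the locked system files counted separately rather than as detections.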
-
Everything seems to be running ok, a bit slow but no freezes lately. Kaspersky found a few viruses it said but I take it they're not too worrying? I'll remove AVG Anti-Virus and turn on the ZoneAlarm one; that will probably get the comp speeded up.
Still can't log onto this website from my home computer though.
thanks for the help
-
Check for cookies settings within ZoneAlarm>>Probably Privacy section
I don't use ZA so you will have to check the help files
It may be interfering with you logging in here