Author Topic: Caught Hijackers and viruses (Read 3004 times)

scrappingmama · « **on:** May 14, 2006, 03:46:45 PM »

I am hopeful that you might be able to assist me with the issue I continue to have with my computer. Unfortunately, even with using Symantec Antivirus, we have caught another virus and a Hijacker. I've gotten rid of the virus by using Ewido but it seems to keep coming back. In safe mode, Ewido finds and gets rid of a lot of viruses. Adaware doesn't find anything in safe mode. In regular mode Adaware finds and cleans things but always has trouble with two files -- atmclk.exe and stdole3.tlb in the system32 folder. It tries to clean them on reboot but it doesn't appear to work. HiJack This has found some entries that I have been able to get rid of. I found two the I can remove in Safe mode but they always appears in regular mode and I can't get rid of them there. For now, it appears my viruses are going but not my hijacker which keeps taking me to www.systemuptodate.com with bogus virus alert info. I have run locate.bat and it returns an empty report. I have run CWShredder and it doesn't find anything. Anyway, that is the history. I am posting a copy of the Startdreck results and HiJackThis. Please let me know if there is anything you could assist me with. I would really appreciate it.

************** Startdreck.log *************
StartDreck (build 2.1.7 public stable) - 2006-05-14 @ 15:30:23 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Owner at BIGMAMA

»Registry
»Files
»System/Drivers
»NT Services
*Alerter   Alerter   -   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Application Layer Gateway Service   ALG   -   on demand
`binary: C:\WINDOWS\System32\alg.exe
*Application Management   AppMgmt   -   on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*ASP.NET State Service   aspnet_state   -   on demand
`binary: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
*Windows Audio   AudioSrv   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Background Intelligent Transfer Service   BITS   -   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Computer Browser   Browser   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Indexing Service   CiSvc   -   on demand
`binary: C:\WINDOWS\system32\cisvc.exe
*ClipBook   ClipSrv   -   on demand
`binary: C:\WINDOWS\system32\clipsrv.exe
*COM+ System Application   COMSysApp   -   on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
*Cryptographic Services   CryptSvc   running   auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*DefWatch   DefWatch   running   auto
`binary: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
*DHCP Client   Dhcp   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Logical Disk Manager Administrative Service   dmadmin   -   on demand
`binary: C:\WINDOWS\System32\dmadmin.exe /com
*Logical Disk Manager   dmserver   -   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*DNS Client   Dnscache   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
*EPSON Printer Status Agent2   EPSONStatusAgent2   running   auto
`binary: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
*Error Reporting Service   ERSvc   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Event Log   Eventlog   running   auto
`binary: C:\WINDOWS\system32\services.exe
*COM+ Event System   EventSystem   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*ewido security suite control   ewido security suite   running   auto
`binary: C:\Program Files\ewido\security suite\ewidoctrl.exe
*Fast User Switching Compatibility   FastUserSwitchingCom   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Fax   Fax   -   on demand
`binary: C:\WINDOWS\system32\fxssvc.exe
*Help and Support   helpsvc   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Human Interface Device Access   HidServ   -   disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*InstallDriver Table Manager   IDriverT   -   on demand
`binary: C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
*IMAPI CD-Burning COM Service   ImapiService   -   on demand
`binary: C:\WINDOWS\System32\imapi.exe
*Iomega Activity Disk2   Iomega Activity Disk   -   disabled
`binary: ""
*Iomega App Services   Iomega App Services   running   auto
`binary: "C:\PROGRA~1\Iomega\System32\AppServices.exe"
*iPodService   iPodService   running   on demand
`binary: C:\Program Files\iPod\bin\iPodService.exe
*Server   lanmanserver   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Workstation   lanmanworkstation   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*TCP/IP NetBIOS Helper   LmHosts   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Messenger   Messenger   -   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*NetMeeting Remote Desktop Sharing   mnmsrvc   -   on demand
`binary: C:\WINDOWS\System32\mnmsrvc.exe
*Distributed Transaction Coordinator   MSDTC   -   on demand
`binary: C:\WINDOWS\System32\msdtc.exe
*Windows Installer   MSIServer   -   on demand
`binary: C:\WINDOWS\System32\msiexec.exe /V
*Network DDE   NetDDE   -   on demand
`binary: C:\WINDOWS\system32\netdde.exe
*Network DDE DSDM   NetDDEdsdm   -   on demand
`binary: C:\WINDOWS\system32\netdde.exe
*Net Logon   Netlogon   -   on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Network Connections   Netman   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Network Location Awareness (NLA)   Nla   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec AntiVirus Client   Norton AntiVirus Ser   running   auto
`binary: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
*NT LM Security Support Provider   NtLmSsp   -   on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Removable Storage   NtmsSvc   -   on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*NVIDIA Driver Helper Service   NVSvc   -   auto
`binary: C:\WINDOWS\System32\nvsvc32.exe
*Office Source Engine   ose   -   on demand
`binary: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
*Plug and Play   PlugPlay   running   auto
`binary: C:\WINDOWS\system32\services.exe
*IPSEC Services   PolicyAgent   running   auto
`binary: C:\WINDOWS\System32\lsass.exe
*Protected Storage   ProtectedStorage   running   auto
`binary: C:\WINDOWS\system32\lsass.exe
*Remote Access Auto Connection Manager   RasAuto   -   disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Access Connection Manager   RasMan   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Desktop Help Session Manager   RDSessMgr   -   on demand
`binary: C:\WINDOWS\system32\sessmgr.exe
*Routing and Remote Access   RemoteAccess   -   disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Procedure Call (RPC) Locator   RpcLocator   -   on demand
`binary: C:\WINDOWS\System32\locator.exe
*Remote Procedure Call (RPC)   RpcSs   running   auto
`binary: C:\WINDOWS\system32\svchost -k rpcss
*QoS RSVP   RSVP   -   on demand
`binary: C:\WINDOWS\System32\rsvp.exe
*Security Accounts Manager   SamSs   running   auto
`binary: C:\WINDOWS\system32\lsass.exe
*Smart Card Helper   SCardDrv   -   on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Smart Card   SCardSvr   -   on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Task Scheduler   Schedule   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Secondary Logon   seclogon   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*System Event Notification   SENS   running   auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Internet Connection Firewall (ICF) / Internet C   SharedAccess   -   on demand
`onnection Sharing (ICS)
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Shell Hardware Detection   ShellHWDetection   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec Network Drivers Service   SNDSrvc   -   on demand
`binary: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
*Print Spooler   Spooler   running   auto
`binary: C:\WINDOWS\system32\spoolsv.exe
*System Restore Service   srservice   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*SSDP Discovery Service   SSDPSRV   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Image Acquisition (WIA)   stisvc   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
*MS Software Shadow Copy Provider   SwPrv   -   on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{80A0071B-FFF9-443D-ACBC-93ACFC851833}
*Performance Logs and Alerts   SysmonLog   -   on demand
`binary: C:\WINDOWS\system32\smlogsvc.exe
*Telephony   TapiSrv   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Terminal Services   TermService   running   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Themes   Themes   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Distributed Link Tracking Client   TrkWks   running   auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Windows User Mode Driver Framework   UMWdf   running   auto
`binary: C:\WINDOWS\System32\wdfmgr.exe
*Upload Manager   uploadmgr   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Universal Plug and Play Device Host   upnphost   -   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Uninterruptible Power Supply   UPS   -   on demand
`binary: C:\WINDOWS\System32\ups.exe
*Volume Shadow Copy   VSS   -   on demand
`binary: C:\WINDOWS\System32\vssvc.exe
*Windows Time   W32Time   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WebClient   WebClient   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Management Instrumentation   winmgmt   running   auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Portable Media Serial Number Service   WmdmPmSN   -   on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WMI Performance Adapter   WmiApSrv   -   on demand
`binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
*Automatic Updates   wuauserv   running   auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Wireless Zero Configuration   WZCSVC   running   auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Iomega Active Disk   _IOMEGA_ACTIVE_DISK_   running   auto
`binary: "C:\Program Files\Iomega\AutoDisk\ADService.exe"
»NT Kernel- and FS-drivers
*Abiosdsk   Abiosdsk   -   disabled
`binary:
*abp480n5   abp480n5   -   disabled
`binary:
*Microsoft ACPI Driver   ACPI   running   boot
`binary: \SystemRoot\System32\DRIVERS\ACPI.sys
*ACPIEC   ACPIEC   -   disabled
`binary:
*adpu160m   adpu160m   -   disabled
`binary:
*Microsoft Kernel Acoustic Echo Canceller   aec   -   on demand
`binary: system32\drivers\aec.sys
*AFD Networking Support Environment   AFD   running   auto
`binary: \SystemRoot\System32\drivers\afd.sys
*AFS2K   AFS2K   running   system
`binary:
*Intel AGP Bus Filter   agp440   running   boot
`binary: \SystemRoot\System32\DRIVERS\agp440.sys
*Aha154x   Aha154x   -   disabled
`binary:
*aic78u2   aic78u2   -   disabled
`binary:
*aic78xx   aic78xx   -   disabled
`binary:
*Service for Realtek AC97 Audio (WDM)   ALCXWDM   running   on demand
`binary: system32\drivers\ALCXWDM.SYS
*AliIde   AliIde   -   disabled
`binary:
*AMD K7 Processor Driver   AmdK7   -   system
`binary: System32\DRIVERS\amdk7.sys
*amsint   amsint   -   disabled
`binary:
*1394 ARP Client Protocol   Arp1394   running   on demand
`binary: System32\DRIVERS\arp1394.sys
*asc   asc   -   disabled
`binary:
*asc3350p   asc3350p   -   disabled
`binary:
*asc3550   asc3550   -   disabled
`binary:
*RAS Asynchronous Media Driver   AsyncMac   running   on demand
`binary: System32\DRIVERS\asyncmac.sys
*Standard IDE/ESDI Hard Disk Controller   atapi   running   boot
`binary: \SystemRoot\System32\DRIVERS\atapi.sys
*Atdisk   Atdisk   -   disabled
`binary:
*ATM ARP Client Protocol   Atmarpc   -   on demand
`binary: System32\DRIVERS\atmarpc.sys
*Audio Stub Driver   audstub   running   on demand
`binary: System32\DRIVERS\audstub.sys
*Beep   Beep   running   system
`binary:
*Usbscan.Sys   BulkUsb   -   on demand
`binary: System32\Drivers\usbscan.sys
*cbidf2k   cbidf2k   -   disabled
`binary:
*Closed Caption Decoder   CCDECODE   -   on demand
`binary: System32\DRIVERS\CCDECODE.sys
*cd20xrnt   cd20xrnt   -   disabled
`binary:
*Cdaudio   Cdaudio   -   system
`binary:
*Cdfs   Cdfs   running   disabled
`binary:
*CD-ROM Driver   Cdrom   running   system
`binary: System32\DRIVERS\cdrom.sys
*Changer   Changer   -   system
`binary:
*CmdIde   CmdIde   -   disabled
`binary:
*Cpqarray   Cpqarray   -   disabled
`binary:
*dac960nt   dac960nt   -   disabled
`binary:
*Disk Driver   Disk   running   boot
`binary: \SystemRoot\System32\DRIVERS\disk.sys
*dmboot   dmboot   -   disabled
`binary: System32\drivers\dmboot.sys
*dmio   dmio   -   disabled
`binary: System32\drivers\dmio.sys
*dmload   dmload   -   disabled
`binary: System32\drivers\dmload.sys
*Microsoft Kernel DLS Syntheiszer   DMusic   -   on demand
`binary: system32\drivers\DMusic.sys
*dpti2o   dpti2o   -   disabled
`binary:
*Microsoft Kernel DRM Audio Descrambler   drmkaud   -   on demand
`binary: system32\drivers\drmkaud.sys
*Fastfat   Fastfat   running   disabled
`binary:
*fasttx2k   fasttx2k   running   boot
`binary: \SystemRoot\System32\DRIVERS\fasttx2k.sys
*Floppy Disk Controller Driver   Fdc   running   on demand
`binary: System32\DRIVERS\fdc.sys
*VIA Rhine Family Fast Ethernet Adapter Driver S   FETNDISB   running   on demand
`ervice
`binary: System32\DRIVERS\fetnd5b.sys
*Fips   Fips   running   system
`binary:
*Floppy Disk Driver   Flpydisk   running   on demand
`binary: System32\DRIVERS\flpydisk.sys
*Volume Manager Driver   Ftdisk   running   boot
`binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
*GEARAspiWDM   GEARAspiWDM   running   on demand
`binary: System32\Drivers\GEARAspiWDM.sys
*Generic Packet Classifier   Gpc   running   on demand
`binary: System32\DRIVERS\msgpc.sys
*Microsoft HID Class Driver   HidUsb   -   on demand
`binary: System32\DRIVERS\hidusb.sys
*hpn   hpn   -   disabled
`binary:
*i2omgmt   i2omgmt   -   system
`binary:
*i2omp   i2omp   -   disabled
`binary:
*i8042 Keyboard and PS/2 Mouse Port Driver   i8042prt   running   system
`binary: System32\DRIVERS\i8042prt.sys
*ialm   ialm   -   on demand
`binary: System32\DRIVERS\ialmnt5.sys
*CD-Burning Filter Driver   Imapi   running   system
`binary: System32\DRIVERS\imapi.sys
*ini910u   ini910u   -   disabled
`binary:
*IntelIde   IntelIde   -   disabled
`binary: \SystemRoot\System32\DRIVERS\intelide.sys
*Iomega Devices Disk Filter Services   iomdisk   running   boot
`binary: \SystemRoot\System32\DRIVERS\iomdisk.sys
*IP Traffic Filter Driver   IpFilterDriver   -   on demand
`binary: System32\DRIVERS\ipfltdrv.sys
*IP in IP Tunnel Driver   IpInIp   -   on demand
`binary: System32\DRIVERS\ipinip.sys
*IP Network Address Translator   IpNat   -   on demand
`binary: System32\DRIVERS\ipnat.sys
*IPSEC driver   IPSec   running   system
`binary: System32\DRIVERS\ipsec.sys
*IR Enumerator Service   IRENUM   -   on demand
`binary: System32\DRIVERS\irenum.sys
*PnP ISA/EISA Bus Driver   isapnp   running   boot
`binary: \SystemRoot\System32\DRIVERS\isapnp.sys
*Keyboard Class Driver   Kbdclass   running   system
`binary: System32\DRIVERS\kbdclass.sys
*Microsoft Kernel Wave Audio Mixer   kmixer   running   on demand
`binary: system32\drivers\kmixer.sys
*KSecDD   KSecDD   running   boot
`binary:
*lbrtfdc   lbrtfdc   -   system
`binary:
*ltmdmntc   ltmdmntc   -   auto
`binary: \??\C:\WINDOWS\System32\drivers\ltmdmntc.sys
*Agere Modem Driver   ltmodem5   running   on demand
`binary: System32\DRIVERS\ltmdmnt.sys
*mnmdd   mnmdd   running   system
`binary:
*Modem   Modem   running   on demand
`binary:
*Mouse Class Driver   Mouclass   running   system
`binary: System32\DRIVERS\mouclass.sys
*MountMgr   MountMgr   running   boot
`binary:
*mraid35x   mraid35x   -   disabled
`binary:
*mrtRate   mrtRate   -   auto
`binary:
*WebDav Client Redirector   MRxDAV   running   on demand
`binary: System32\DRIVERS\mrxdav.sys
*MRxSmb   MRxSmb   running   system
`binary: System32\DRIVERS\mrxsmb.sys
*Msfs   Msfs   running   system
`binary:
*Microsoft Streaming Service Proxy   MSKSSRV   -   on demand
`binary: system32\drivers\MSKSSRV.sys
*Microsoft Streaming Clock Proxy   MSPCLOCK   -   on demand
`binary: system32\drivers\MSPCLOCK.sys
*Microsoft Streaming Quality Manager Proxy   MSPQM   -   on demand
`binary: system32\drivers\MSPQM.sys
*Microsoft Streaming Tee/Sink-to-Sink Converter   MSTEE   -   on demand
`binary: system32\drivers\MSTEE.sys
*Mup   Mup   running   boot
`binary:
*MxlW2k   MxlW2k   running   on demand
`binary:
*NABTS/FEC VBI Codec   NABTSFEC   -   on demand
`binary: System32\DRIVERS\NABTSFEC.sys
*NAVAP   NAVAP   running   on demand
`binary: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
*NAVAPEL   NAVAPEL   running   auto
`binary: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
*NAVENG   NAVENG   running   on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060510.019\NAVENG.sys
*NAVEX15   NAVEX15   running   on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060510.019\NAVEX15.sys
*NDIS System Driver   NDIS   running   boot
`binary:
*Microsoft TV/Video Connection   NdisIP   -   on demand
`binary: System32\DRIVERS\NdisIP.sys
*Remote Access NDIS TAPI Driver   NdisTapi   running   on demand
`binary: System32\DRIVERS\ndistapi.sys
*NDIS Usermode I/O Protocol   Ndisuio   running   on demand
`binary: System32\DRIVERS\ndisuio.sys
*Remote Access NDIS WAN Driver   NdisWan   running   on demand
`binary: System32\DRIVERS\ndiswan.sys
*NDIS Proxy   NDProxy   running   on demand
`binary:
*NetBIOS Interface   NetBIOS   running   system
`binary: System32\DRIVERS\netbios.sys
*NetBT   NetBT   running   system
`binary: System32\DRIVERS\netbt.sys
*1394 Net Driver   NIC1394   running   on demand
`binary: System32\DRIVERS\nic1394.sys
*Npfs   Npfs   running   system
`binary:
*Ntfs   Ntfs   running   disabled
`binary:
*Null   Null   running   system
`binary:
*nv   nv   -   on demand
`binary: System32\DRIVERS\nv4_mini.sys
*nVidia WDM Video Capture (universal)   nvcap   -   auto
`binary: System32\DRIVERS\nvcap.sys
*nVidia WDM A/V Crossbar   NVXBAR   -   auto
`binary: System32\DRIVERS\NVxbar.sys
*NVIDIA nForce AGP Bus Filter   nv_agp   running   boot
`binary: \SystemRoot\System32\DRIVERS\nv_agp.sys
*IPX Traffic Filter Driver   NwlnkFlt   -   on demand
`binary: System32\DRIVERS\nwlnkflt.sys
*IPX Traffic Forwarder Driver   NwlnkFwd   -   on demand
`binary: System32\DRIVERS\nwlnkfwd.sys
*NWLink IPX/SPX/NetBIOS Compatible Transport Pro   NwlnkIpx   running   auto
`tocol
`binary: System32\DRIVERS\nwlnkipx.sys
*NWLink NetBIOS   NwlnkNb   running   auto
`binary: System32\DRIVERS\nwlnknb.sys
*NWLink SPX/SPXII Protocol   NwlnkSpx   running   auto
`binary: System32\DRIVERS\nwlnkspx.sys
*VIA OHCI Compliant IEEE 1394 Host Controller   ohci1394   running   boot
`binary: \SystemRoot\System32\DRIVERS\ohci1394.sys
*Parallel port driver   Parport   running   on demand
`binary: System32\DRIVERS\parport.sys
*PartMgr   PartMgr   running   boot
`binary:
*ParVdm   ParVdm   running   auto
`binary:
*PCI Bus Driver   PCI   running   boot
`binary: \SystemRoot\System32\DRIVERS\pci.sys
*PCIDump   PCIDump   -   system
`binary:
*PCIIde   PCIIde   running   boot
`binary: \SystemRoot\System32\DRIVERS\pciide.sys
*Pcmcia   Pcmcia   -   disabled
`binary:
*PDCOMP   PDCOMP   -   on demand
`binary:
*PDFRAME   PDFRAME   -   on demand
`binary:
*PDRELI   PDRELI   -   on demand
`binary:
*PDRFRAME   PDRFRAME   -   on demand
`binary:
*perc2   perc2   -   disabled
`binary:
*perc2hib   perc2hib   -   disabled
`binary:
*Padus ASPI Shell   pfc   running   on demand
`binary: system32\drivers\pfc.sys
*Iomega Parallel Port Legacy Filter Driver   ppa3   running   boot
`binary: \SystemRoot\System32\DRIVERS\ppa3.sys
*WAN Miniport (PPTP)   PptpMiniport   running   on demand
`binary: System32\DRIVERS\raspptp.sys
*Processor Driver   Processor   running   system
`binary: System32\DRIVERS\processr.sys
*Ps2   Ps2   running   on demand
`binary: System32\DRIVERS\PS2.sys
*QoS Packet Scheduler   PSched   running   on demand
`binary: System32\DRIVERS\psched.sys
*Direct Parallel Link Driver   Ptilink   running   on demand
`binary: System32\DRIVERS\ptilink.sys
*PxHelp20   PxHelp20   running   boot
`binary: \SystemRoot\System32\DRIVERS\PxHelp20.sys
*ql1080   ql1080   -   disabled
`binary:
*Ql10wnt   Ql10wnt   -   disabled
`binary:
*ql12160   ql12160   -   disabled
`binary:
*ql1240   ql1240   -   disabled
`binary:
*ql1280   ql1280   -   disabled
`binary:
*Remote Access Auto Connection Driver   RasAcd   running   system
`binary: System32\DRIVERS\rasacd.sys
*WAN Miniport (L2TP)   Rasl2tp   running   on demand
`binary: System32\DRIVERS\rasl2tp.sys
*Remote Access PPPOE Driver   RasPppoe   running   on demand
`binary: System32\DRIVERS\raspppoe.sys
*Direct Parallel   Raspti   running   on demand
`binary: System32\DRIVERS\raspti.sys
*Rdbss   Rdbss   running   system
`binary: System32\DRIVERS\rdbss.sys
*RDPCDD   RDPCDD   running   system
`binary: System32\DRIVERS\RDPCDD.sys
*RDPWD   RDPWD   -   on demand
`binary:
*Digital CD Audio Playback Filter Driver   redbook   running   system
`binary: System32\DRIVERS\redbook.sys
*Realtek RTL8139/810x Family Fast Ethernet NIC N   rtl8139   -   on demand
`T Driver
`binary: System32\DRIVERS\R8139n51.SYS
*S3Psddr   S3Psddr   -   on demand
`binary: System32\DRIVERS\s3gnbm.sys
*Secdrv   Secdrv   -   on demand
`binary: System32\DRIVERS\secdrv.sys
*Serenum Filter Driver   Serenum   running   on demand
`binary: System32\DRIVERS\serenum.sys
*Serial port driver   Serial   running   system
`binary: System32\DRIVERS\serial.sys
*Sfloppy   Sfloppy   -   system
`binary:
*Simbad   Simbad   -   disabled
`binary:
*SiS315   SiS315   -   on demand
`binary: System32\DRIVERS\sisgrp.sys
*SiS AGP Filter   SISAGP   running   boot
`binary: \SystemRoot\System32\DRIVERS\SISAGPX.sys
*SiSkp   SiSkp   running   system
`binary: System32\DRIVERS\srvkp.sys
*BDA Slip De-Framer   SLIP   -   on demand
`binary: System32\DRIVERS\SLIP.sys
*Sparrow   Sparrow   -   disabled
`binary:
*Microsoft Kernel Audio Splitter   splitter   -   on demand
`binary: system32\drivers\splitter.sys
*ViviCam 35   SQTECH905C   -   on demand
`binary: System32\Drivers\Capt905c.sys
*System Restore Filter Driver   sr   running   boot
`binary: \SystemRoot\System32\DRIVERS\sr.sys
*Srv   Srv   running   on demand
`binary: System32\DRIVERS\srv.sys
*BDA IPSink   streamip   -   on demand
`binary: System32\DRIVERS\StreamIP.sys
*Software Bus Driver   swenum   running   on demand
`binary: System32\DRIVERS\swenum.sys
*Microsoft Kernel GS Wavetable Synthesizer   swmidi   -   on demand
`binary: system32\drivers\swmidi.sys
*symc810   symc810   -   disabled
`binary:
*symc8xx   symc8xx   -   disabled
`binary:
*SYMDNS   SYMDNS   -   on demand
`binary: \SystemRoot\System32\Drivers\SYMDNS.SYS
*SymEvent   SymEvent   running   on demand
`binary: \??\C:\Program Files\Symantec\SYMEVENT.SYS
*SYMFW   SYMFW   -   on demand
`binary: \SystemRoot\System32\Drivers\SYMFW.SYS
*SYMIDS   SYMIDS   -   on demand
`binary: \SystemRoot\System32\Drivers\SYMIDS.SYS
*SYMIDSCO   SYMIDSCO   -   on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050303.027\symidsco.sys
*SYMNDIS   SYMNDIS   -   on demand
`binary: \SystemRoot\System32\Drivers\SYMNDIS.SYS
*SYMREDRV   SYMREDRV   -   on demand
`binary: \SystemRoot\System32\Drivers\SYMREDRV.SYS
*SYMTDI   SYMTDI   running   system
`binary: \SystemRoot\System32\Drivers\SYMTDI.SYS
*sym_hi   sym_hi   -   disabled
`binary:
*sym_u3   sym_u3   -   disabled
`binary:
*Microsoft Kernel System Audio Device   sysaudio   running   on demand
`binary: system32\drivers\sysaudio.sys
*TCP/IP Protocol Driver   Tcpip   running   system
`binary: System32\DRIVERS\tcpip.sys
*TDPIPE   TDPIPE   -   on demand
`binary:
*TDTCP   TDTCP   -   on demand
`binary:
*Terminal Device Driver   TermDD   running   system
`binary: System32\DRIVERS\termdd.sys
*TosIde   TosIde   -   disabled
`binary:
*Udfs   Udfs   -   disabled
`binary:
*ultra   ultra   -   disabled
`binary:
*Microcode Update Driver   Update   running   on demand
`binary: System32\DRIVERS\update.sys
*Microsoft USB 2.0 Enhanced Host Controller Mini   usbehci   running   on demand
`port Driver
`binary: System32\DRIVERS\usbehci.sys
*Microsoft USB Standard Hub Driver   usbhub   running   on demand
`binary: System32\DRIVERS\usbhub.sys
*Microsoft USB Open Host Controller Miniport Dri   usbohci   -   on demand
`ver
`binary: System32\DRIVERS\usbohci.sys
*Microsoft USB PRINTER Class   usbprint   running   on demand
`binary: System32\DRIVERS\usbprint.sys
*USB Scanner Driver   usbscan   running   on demand
`binary: System32\DRIVERS\usbscan.sys
*USB Mass Storage Driver   USBSTOR   running   on demand
`binary: System32\DRIVERS\USBSTOR.SYS
*Microsoft USB Universal Host Controller Minipor   usbuhci   running   on demand
`t Driver
`binary: System32\DRIVERS\usbuhci.sys
*VgaSave   VgaSave   running   system
`binary: \SystemRoot\System32\drivers\vga.sys
*VIA AGP Filter   viaagp1   running   boot
`binary: \SystemRoot\System32\DRIVERS\viaagp1.sys
*viagfx   viagfx   running   on demand
`binary: System32\DRIVERS\vtmini.sys
*ViaIde   ViaIde   running   boot
`binary: \SystemRoot\System32\DRIVERS\viaide.sys
*VolSnap   VolSnap   running   boot
`binary:
*WINBOND W55U01 USB   W55U01   -   auto
`binary: System32\Drivers\W55U01.sys
*Remote Access IP ARP Driver   Wanarp   running   on demand
`binary: System32\DRIVERS\wanarp.sys
*WDICA   WDICA   -   on demand
`binary:
*Microsoft WINMM WDM Audio Compatibility Driver   wdmaud   running   on demand
`binary: system32\drivers\wdmaud.sys
*Windows Socket 2.0 Non-IFS Service Provider Sup   WS2IFSL   -   on demand
`port Environment
`binary: \SystemRoot\System32\drivers\ws2ifsl.sys
*World Standard Teletext Codec   WSTCODEC   -   on demand
`binary: System32\DRIVERS\WSTCODEC.SYS
*X4HS32   X4HS32   running   auto
`binary: \??\C:\Program Files\EXEtender\X4HS32.Sys
*Intel® Graphics Platform (SoftBIOS) Driver   {6080A529-897E-4629-   -   on demand
`binary: system32\drivers\ialmsbw.sys
*Intel® Graphics Chipset (KCH) Driver   {D31A0762-0CEB-444e-   -   on demand
`binary: system32\drivers\ialmkchw.sys
»Application specific

*********** HiJack This Log ***********
Logfile of HijackThis v1.99.1
Scan saved at 3:30:29 PM, on 5/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp1C96.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Thanks!

guestolo · « **Reply #1 on:** May 14, 2006, 05:00:55 PM »

Please download [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

[color=\"#3366FF\"]Note[/color] : [color=\"#FF0000\"]process.exe[/color] [color=\"#3366FF\"]is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.[/color]

scrappingmama · « **Reply #2 on:** May 14, 2006, 05:18:44 PM »

Thanks for the quick response. Here is the smitfraud report --
SmitFraudFix v2.44

Scan done at 17:16:53.00, Sun 05/14/2006
Run from C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp?

.tmp FOUND !
C:\WINDOWS\system32\ld?

.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\shdocsvc.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Security Toolbar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}"="AutoDisc Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"

[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

I am currrently running Panda Activescan as well.

guestolo · « **Reply #3 on:** May 14, 2006, 05:39:30 PM »

Quote

I am currrently running Panda Activescan as well.

OK, well then, what I need you to do
AFTER the Panda scan is complete
click See Report, then click Save Report and save it to your Desktop.

Come back here and post the report from Panda's

Also,Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Let's see if it's changed at all

I'm stepping out for a bit, after you post those logs, don't run any other scanners till I have a chance to see them please

scrappingmama · « **Reply #4 on:** May 14, 2006, 07:52:08 PM »

Sorry, I thought Panda was just going to do a scan. I didn't know it would interfere with your recommendations. Here is the most recent Smitfraudfix --
SmitFraudFix v2.44

Scan done at 19:48:41.34, Sun 05/14/2006
Run from C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp?

.tmp FOUND !
C:\WINDOWS\system32\ld?

.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\shdocsvc.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}"="AutoDisc Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"

[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

***** And here is the Panda Report *****

Incident Status Location

Adware:Adware/Puper Not disinfected C:\WINDOWS\System32\ld5DCF.tmp
Adware:adware/emediacodec Not disinfected c:\windows\system32\atmclk.exe
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Dialer:dialer.baj Not disinfected c:\x.cab
Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ld5BC5.tmp
Adware:adware program Not disinfected c:\windows\ss3unstl.exe
Adware:adware/yoursearchengine Not disinfected c:\windows\system32\config\systemprofile\favorites\ REMOVE SPYWARE.url
Potentially unwanted tool:application/myway Not disinfected c:\program files\MySearch
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix\Process.exe
Dialer:Dialer.FGG Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\dddkjpmd.exe
Virus:Exploit/Codebase.X Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DK83XPWP\targ[1].chm[/target.htm]
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DK83XPWP\targ[1].chm[/win32.exe]
Dialer:Dialer.NO Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M0PNBYDZ\gdnUS2218[1].exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-3529106849-479641835-784988016-500\Dc19.exe
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\1024\ld6C08.tmp
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\1024\ld9B90.tmp
Adware:Adware/Puper Not disinfected C:\WINDOWS\system32\regperf.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\shdocsvc.dll
Dialer:Dialer.FGG Not disinfected C:\WINDOWS\Temp\dbddjpmd.exe
Thanks!

guestolo · « **Reply #5 on:** May 14, 2006, 10:41:03 PM »

Quote

Sorry, I thought Panda was just going to do a scan. I didn't know it would interfere with your recommendations

No, it didn't interfere, but gave me a good idea of what it removes before we run the below tools

Can you do the following please, let's see what we can clean
==Download and install Windows CleanUp! 4.5.1
If you have an older version of CleanUp!, remove it please before installing this newer version
DO NOT use an older version of CleanUp!

Open Ewido Anti-Malware
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work
Manually update with this link
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

In safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode

Open Ewido Anti-Malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp1C96.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer afterwards back to Normal mode

Come back here and post the following please
1. Run another Scan and Save logfile with hijackthis log and post a fresh log
2. Post the whole report from Ewido's

scrappingmama · « **Reply #6 on:** May 15, 2006, 11:32:54 AM »

Things are functioning much better now. I ran HiJack This in safe mode, but by that time the R0 and O2 entries were gone. I think it was the Cleanup or Ewido. I removed the O4 entries. Here are the logs --

******************
Logfile of HijackThis v1.99.1
Scan saved at 11:28:58 AM, on 5/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

********************
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         11:24:20 AM, 5/15/2006
+ Report-Checksum:      4D298300

+ Scan result:

   C:\HJT\backups\backup-20060511-195322-805.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-195343-270.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-210151-996.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-210211-464.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-210232-397.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-221808-123.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-221816-686.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060511-223846-298.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060512-064845-855.dll -> Downloader.Zlob.of : Cleaned with backup
   C:\HJT\backups\backup-20060512-070220-803.dll -> Downloader.Zlob.of : Cleaned with backup

::Report End

************************
SmitFraudFix v2.44

Scan done at 9:50:43.85, Mon 05/15/2006
Run from C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp?

.tmp Deleted
C:\WINDOWS\system32\ld?

.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\shdocsvc.dll Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

guestolo · « **Reply #7 on:** May 15, 2006, 12:53:31 PM »

Can you find and delete the following files and folder please
c:\x.cab <-file
c:\windows\ss3unstl.exe <-file
c:\windows\system32\config\systemprofile\favorites\ REMOVE SPYWARE.url <-file

c:\program files\MySearch <-folder

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF <-this file also, if you have a hard time finding that file
Do the following please, close Explorer

Go to START>>RUN>>copy and paste the following into the open field and hit OK

regsvr32 /u occache.dll

This should make the file visible, now try and find and delete MediaTicketsInstaller.INF

Afterwards, we need to reregister occache.dll
Copy and paste the following into the Run command and hit OK

regsvr32 occache.dll

Let me know if you were able to complete all the above steps
Then we'll just do some final cleanup
Can you also supply me with a Uninstall list from Hijackthis please
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save this list too your desktop then copy and paste back here the whole contents please

scrappingmama · « **Reply #8 on:** May 15, 2006, 01:01:39 PM »

Okay, I completed everything. I saved the file from HiJack This. You can tell this computer is used for children's games. :-)

Here it is --
"Doras Carnival Adventure (remove only)"
"Nick Video Jigsaw Jam (remove only)"
3D Groove Playback Engine
5 Spots II (remove only)
A Series of Unfortunate Events (remove only)
Active Disk
Ad-Aware SE Personal
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
Adventures of Bleeposaurus (remove only)
Alphabet Express
Amazing Windows XP Screen Saver 1.2
Anark Client 1.0
Ancient Hearts & Spades
ArcSoft Software Suite
Barbie ® as Princess Bride (tm)
Bleeposaurus 2: Dragonfire (remove only)
Boggle
Bricks of Atlantis
Bursting Bubbles Deluxe (remove only)
Card Classics
CatDog
Centipede
CK Creative Clips and Fonts Sampler
CleanUp!
Compaq Connections
Compaq Instant Support
Compaq Organize
Corel Applications
Danny Phantom Ghost Sweep (remove only)
Disney/Pixar's Buzz Lightyear 2nd Grade
Disney's Mickey Mouse Preschool
Disney's Phonics Quest
Disney's Ready for Math with Pooh
Disney's Toontown Online
Disney's Winnie the Pooh Preschool
Dora Backpack
Dora Knows Your Name
Dora Lost City
Dora the Explorer Screen Saver
Doras Rapido River Rafting Race (remove only)
Doras Star Catching Game (remove only)
Drop Heads (remove only)
Easy Internet Sign-up
EPSON Online Reference Guide
EPSON Printer Software
ewido security suite
EXEtender Player
Express Burn Uninstall
Fairly Odd Parents - Big Super Hero Wish (remove only)
Fairly Odd Parents Information Stupor Highway (remove only)
Fatman Adventures 2 (remove only)
Feeding Frenzy (remove only)
FlavorGraveyard Screen Saver
Gutterball
Halloween Screen Saver
HijackThis 1.99.1
Holiday Snowflakes Screen Saver 1.2
hp deskjet 5100
hp deskjet 5100 series
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Deskjet Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PrecisionScan LTX
HP PSC & OfficeJet 3.0
HP Scan-to-Web Wizard
HP Software Update
In A Flash 3
In A Flash Photo 3
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Internet Explorer Q828750
InterVideo WinDVD Player
IomegaWare 4.0.2
iPod for Windows 2005-10-12
iPod for Windows 2006-03-23
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_09
Jewel Quest
Jimmy Neutron Boy Genius
Jimmy Neutron Invention Revenge (remove only)
JumpStart Learning Games ABC's
JumpStart Numbers
JumpStart Pre-K
JumpStart Typing
Jungle Heart (remove only)
KBD
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Mad Caps (remove only)
Magic Ball 2
Magic Match 1.18
Math 2
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Outlook 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
Milton Bradley Classic Board Games
MSN Messenger 7.5
MUSICMATCH® Jukebox
My Wal-Mart Digital Photo Center
Need For Speed - Porsche Unleashed
Nero 7 Demo
Nick Blockade (remove only)
NVIDIA GART Driver
Ocean Life 1 Screensaver
Ocean Life 2 Screensaver
Operation
Outlook Express Update Q330994
PacaJuma Quest (remove only)
PagePrintables
Paint Shop Pro 7
Pajama Sam Life is Rough When You Lose Your Stuff
Pajama Sam No Need to Hide When It's Dark Outside
Palm Desktop
Panda ActiveScan
PC-Doctor for Windows
PDO Desktop
Photosmart 140,240,7200,7600,7700,7900 Series
Playhouse Disney's Stanley Wild for Sharks
Print Workshop 2004 LE
PS2
pumpkinpatch ScreenSaver
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
Reader Rabbit Preschool
RealPlayer
RecordNow!
Rhapsody Player Engine
Roll
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scholastic's I SPY School Days
Scholastic's I SPY Spooky Mansion
Scooby-Doo(tm), Phantom of the Knight(tm)
Scrabble (remove only)
Scrabble Blast Deluxe
Scrabble Complete
Scrabble Deluxe
Sega Smash Pack II
Sesame Street Search & Learn Adventures
Snowy - Treasure Hunter (remove only)
Sonic Update Manager
SpamSubtract
SpongeBob SquarePants 3D Pinball Panic (remove only)
SpongeBob SquarePants Collapse! (remove only)
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
SpongeBob SquarePants Pizza Toss (remove only)
SpongeBob SquarePants® Operation Krabby Patty
Stop the Morbuzakh (remove only)
Stunt Track Driver
Super GameHouse BlackJack
Symantec AntiVirus Client
Talk to Me
Tarzan Activity Center
The Fairly OddParents
The Font Factory
Time Force
Tonka Raceway
Top Ten Solitaire
trickortreaters ScreenSaver
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Ultimate Game Pak
VIA/S3 Display Driver
ViviCam V35
Wal-Mart Music Downloads Store
WeatherBug
WexTech AnswerWorks
Windows Media Format Runtime
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
Windows XP Winter Fun Pack Screensavers
WinZip
Word Search Deluxe (remove only)
Wordsheets
Yahoo! Companion
Yahtzee
Yu_Gi_Oh!_Monsters_1 Screen Saver
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver
Zone Deluxe Games

guestolo · « **Reply #9 on:** May 15, 2006, 02:02:53 PM »

Can you do the following, I see you have Ad-Aware installed, that's good, it's a great program
You should also do the following

Download and Install Spybot 1.4 from
HERE
or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer to finish any cleaning process

Hold onto Spybot
If you feel everything is running better
Final Cleanup
If everything is running better
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle

msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Make sure your Anti-Virus software is always kept up to date and actively running in the background

Update and do scan's with your Anti-Spyware programs on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Immunize after every update

+I would opt to hold onto CleanUp! and Ewido
Ewido will become a limited free version after a couple of weeks
Still, a great scanner to update and run on a monthly basis

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month!
you still haven't updated to Service pack 2?
Is there a reason for this?
I would take this oppurtunity to update
Please see this link:
http://www.microsoft.com/windowsxp/sp2/default.mspx
Take note on that page and read the following
[indent]What to know before you download and install[/indent]

Before updating I would run the disk defragmentor on your computer
START>>All Programs>>Accessories>>System Tools>>Disk Defragmenter
If you haven't ran this in awhile, it could take a bit of time to finish, let it run uninterrupted
I find it best ran in safe mode
Then reboot back to Normal mode and visit Windows Updates!
If your on dialup, you may choose to order the free CD
There is a link on that page also

NOTE: You have HP's Share-to-Web installed, it's not a bad thing, but there was a Windows update that caused problems with IE address bar, unable to open some folders, etc...
Not to worry, if you experience any of these problems, post back and we will fix that issue for you
Do Not remove Sp2 because of this!

scrappingmama · « **Reply #10 on:** May 15, 2006, 05:35:49 PM »

Thanks for all your assistance. Everything seems to be running as it should. I have enable all the software that you recommended. I have done a defrag and am ready to install the SP2 update. They recommend backing up your data files, so I will do that next. I will post back if I run into any issues. Thanks again for your help!

guestolo · « **Reply #11 on:** June 12, 2006, 11:59:06 PM »

Since these issues appear resolved, I'll lock this topic
Take care

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: Caught Hijackers and viruses (Read 3004 times)

scrappingmama

Caught Hijackers and viruses

guestolo

Caught Hijackers and viruses

scrappingmama

Caught Hijackers and viruses

guestolo

Caught Hijackers and viruses

scrappingmama

Caught Hijackers and viruses

guestolo

Caught Hijackers and viruses

scrappingmama

Caught Hijackers and viruses

guestolo

Caught Hijackers and viruses

scrappingmama

Caught Hijackers and viruses

guestolo

Caught Hijackers and viruses

scrappingmama

Caught Hijackers and viruses

guestolo

Caught Hijackers and viruses