Author Topic: 007 guard (Read 1301 times)

BusyBear · « **on:** October 10, 2007, 04:10:14 AM »

Hello!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

I think I must have a bug of some description as sometimes my webpage seems to redirect to a site error page called 007 guard.

Can anyone shed some light on what it is please!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Thanks In Advance for any help!

BusyBear

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #1 on:** October 10, 2007, 08:32:23 AM »

Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum-

Aragost / Evil Shady · « **Reply #2 on:** October 10, 2007, 10:27:23 AM »

Well it looks like you have 007Guard, aparantly it's a bitch of a peice of software, this is their offical tutorial on how to uninstall it: http://www.007guard.com/uninstall.html - Though I don't know if it'll work...

- Shady

guestolo · « **Reply #3 on:** October 10, 2007, 08:59:15 PM »

Quote

Though I don't know if it'll work...

I don't think I would trust it, use an uninstaller from the same folks that infected your computer
That is chancy

I suggest that you post the hijackthis log instead, unless you want to roll the dice and try the uninstaller

BusyBear · « **Reply #4 on:** October 11, 2007, 03:29:04 AM »

Here is my logfile ... I have run many programs including avg antispyware, cccleaner, spybot etc since posting this thread

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:17 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ieimprover - {7259D807-845F-459A-AFF7-6274C477CDB9} - C:\Program Files\ieimprover\ie-improver.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

--
End of file - 6105 bytes

Thanks

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #5 on:** October 11, 2007, 09:06:07 AM »

Can you do the following please
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix please
It's default location is C:\Combofix.txt

BusyBear · « **Reply #6 on:** October 11, 2007, 04:22:30 PM »

Thanks Guestolo Hope this helps

ComboFix 07-10-12.1 - Glenys 2007-10-12 7:16:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.148 [GMT 10:00]
Running from: C:\Documents and Settings\Glenys\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\~.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-12 07:15   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-11 18:23   <DIR>   d--------   C:\Program Files\Trend Micro
2007-10-10 22:11   <DIR>   d--------   C:\Documents and Settings\Adam\Application Data\Grisoft
2007-10-10 21:23   <DIR>   d--------   C:\Documents and Settings\Guest\Application Data\Grisoft
2007-10-10 20:57   <DIR>   d--------   C:\Documents and Settings\Glenys\Application Data\Grisoft
2007-10-10 20:57   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 20:56   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-07 22:45   <DIR>   d---s----   C:\Documents and Settings\Guest\UserData
2007-10-02 20:17   <DIR>   d--h-----   C:\Program Files\ieimprover
2007-10-02 20:17   146,441   --a------   C:\WINDOWS\system32\sysdl132.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 11:42   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 10:10   ---------   d-----w   C:\Program Files\SpywareBlaster
2007-10-09 11:38   ---------   d-----w   C:\Program Files\LimeWire
2007-09-11 08:29   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-06 10:09   801,144   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05   92,848   -c--a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00   95,608   -c--a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-01 04:15   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2007-08-31 21:49   ---------   d-----w   C:\Documents and Settings\Guest\Application Data\MySpace
2007-08-21 06:15   683,520   ----a-w   C:\WINDOWS\system32\inetcomm.dll
2007-07-30 09:19   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-07-30 09:19   549,720   ----a-w   C:\WINDOWS\system32\wuapi.dll
2007-07-30 09:19   53,080   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 09:19   43,352   ----a-w   C:\WINDOWS\system32\wups2.dll
2007-07-30 09:19   325,976   ----a-w   C:\WINDOWS\system32\wucltui.dll
2007-07-30 09:19   203,096   ----a-w   C:\WINDOWS\system32\wuweb.dll
2007-07-30 09:19   1,712,984   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 09:18   33,624   ----a-w   C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7259D807-845F-459A-AFF7-6274C477CDB9}]
2007-10-02 20:17   95232   --a------   C:\Program Files\ieimprover\ie-improver.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 19:40 C:\WINDOWS\sm56hlpr.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 19:09 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 08:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 20:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 02:10]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 11:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 10:04]
"WebCamRT.exe"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 ptssvc;ptssvc;C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 22:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 07:19:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 7:19:52
.
   --- E O F ---
I did notice it deleted a file in windows .. maybe that was it?

guestolo · « **Reply #7 on:** October 11, 2007, 06:27:25 PM »

It got one file, I see a couple others I want to check on
They've been popping up on the Internet lately

Let's double check them
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

Go to the following link
http://www.virustotal.com/flash/index_en.html
Copy>>Paste (You may have to use the Ctrl + V keys to paste)
to the open field under Upload a file
(Or you can manually browse to the filename)

The exact line in bold below

C:\WINDOWS\system32\sysdl132.exe

Then click the Send File button, wait for the scan to finish
Post back the results of the scan
Do the same for this one too please

C:\Program Files\ieimprover\ie-improver.dll

Could you also do the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Let's see what the above finds, after that we should be able to kill this off

BusyBear · « **Reply #8 on:** October 12, 2007, 04:19:27 AM »

WOW I see some things in this first one already! Here is the system 32 scan results

Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.1 2007.10.12 -
AntiVir 7.6.0.20 2007.10.12 TR/Drop.Startup.2
Authentium 4.93.8 2007.10.12 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.12 -
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.12 -
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 suspicious Trojan/Worm
eTrust-Vet 31.2.5205 2007.10.12 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.12 -
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.12 -
Ikarus T3.1.1.12 2007.10.12 -
Kaspersky 7.0.0.125 2007.10.12 Trojan.Win32.Agent.bxx
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2587 2007.10.12 -
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 -
Prevx1 V2 2007.10.12 Heuristic: Suspicious Tampers With Firewall Settings
Rising 19.44.42.00 2007.10.12 -
Sophos 4.22.0 2007.10.12 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 Trojan.Dropper
TheHacker 6.2.8.087 2007.10.12 -
VBA32 3.12.2.4 2007.10.11 -
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.12 Trojan.Drop.Startup.2
Additional information
File size: 146441 bytes
MD5: 743ac5e5c21fb0875cdf1e6512c8056a
SHA1: b3bc37e626317219bf68309af6da2b637d4ab163
packers: UPX
packers: PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5...1011C0035E075FE

BusyBear · « **Reply #9 on:** October 12, 2007, 04:26:30 AM »

This Is The Hijack this list

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
AdobeÂ® PhotoshopÂ® Album Starter Edition 3.2
AnyDVD
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
avast! Antivirus
AVG Anti-Spyware 7.5
Azureus
Canon CanoScan Toolbox 4.0
Canon iP4200
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CCScore
CD-LabelPrint
CleanUp!
CloneDVD2
dBpowerAMP AAC (AACEnc CLI)
dBpowerAMP AAC Codec
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP WMA V9.1 Codec
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
ESSvpaht
ESSvpot
e-tax 2006
e-tax 2006 - FTB Module
e-tax 2007
ewido security suite
HijackThis 2.0.2
HLPIndex
HLPSFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
iPod for Windows 2006-03-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
KODAK Camera Connection Software Help
Kodak EasyShare software
Kodak Memory Albums
KODAK Picture Software
KSU
LimeWire 4.14.10
LiveUpdate BVRP Software
Logitech QuickCam
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
mobile PhoneTools
Motorola SM56 Speakerphone Modem
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Nero 7 Demo
Notifier
NVIDIA Drivers
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SFR
SHASTA
SKIN0001
SKINXSDK
Skype 3.0
Skype Plugin Manager
Sony Ericsson PC Suite
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SureThing CD Labeler Deluxe 3.1 Trial
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VPRINTOL
Winamp (remove only)
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WIRELESS

BusyBear · « **Reply #10 on:** October 12, 2007, 04:45:33 AM »

This is the ie-improver results .. looks like more wierd stuff!

Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.1 2007.10.12 -
AntiVir 7.6.0.20 2007.10.12 TR/BHO.GC
Authentium 4.93.8 2007.10.12 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.12 -
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.12 -
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5205 2007.10.12 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.12 W32/Agent.BXX!tr
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.12 Trojan.Win32.Agent.bxx
Ikarus T3.1.1.12 2007.10.12 Trojan.Win32.Agent.bxx
Kaspersky 7.0.0.125 2007.10.12 Trojan.Win32.Agent.bxx
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2587 2007.10.12 -
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 Suspicious file
Prevx1 V2 2007.10.12 Heuristic: Suspicious Browser Help Object
Rising 19.44.42.00 2007.10.12 -
Sophos 4.22.0 2007.10.12 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 Trojan.Adclicker
TheHacker 6.2.8.087 2007.10.12 -
VBA32 3.12.2.4 2007.10.12 -
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.12 Trojan.BHO.GC
Additional information
File size: 95232 bytes
MD5: 6dc24b6237b83253984eb54acd14daa5
SHA1: 2ecd088a7b300337391fd3c47f26f4d971ba2a38
packers: UPX_LZMA
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5...29FAD00EF54FE37

guestolo · « **Reply #11 on:** October 12, 2007, 08:47:09 AM »

Thanks for scanning those 2 files

Let's do the following
[color=\"blue\"]Your Java Runtime Environment is out of date.[/color] Older versions have vulnerabilities that malware can use to infect your system.

Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement[/i]".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.93 MB).
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- Examples of older versions in Add or Remove Programs:

* Java 2 Runtime Environment, SE v1.4.2
* J2SE Runtime Environment 5.0
* J2SE Runtime Environment 5.0 Update 6

Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.

DON'T install the latest version yet
Reboot your computer

Go ahead and install the latest version of Java from the installer on the desktop

Afterwards:
Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work

Quote

File::
C:\WINDOWS\system32\sysdl132.exe

Folder::
C:\Program Files\ieimprover

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7259D807-845F-459A-AFF7-6274C477CDB9}]

Save this as txtfile
CFScript

Take note the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt..

1. Post again the combofix.txt log
2. Post a fresh hijackthis log

Keep me informed how things are running please

BusyBear · « **Reply #12 on:** October 12, 2007, 04:43:59 PM »

Here is the combofix log .. hope I did it right! The 007 guard page popped up again last night before I went to bed (Australian time)

ComboFix 07-10-12.1 - Glenys 2007-10-13 7:34:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.212 [GMT 10:00]
Running from: C:\Documents and Settings\Glenys\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Glenys\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\sysdl132.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ieimprover
C:\Program Files\ieimprover\bho.dat
C:\Program Files\ieimprover\er.dat
C:\Program Files\ieimprover\ie-improver.dll
C:\Program Files\ieimprover\uninstall.exe
C:\WINDOWS\system32\sysdl132.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-13 07:30   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-10-12 07:15   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-11 18:23   <DIR>   d--------   C:\Program Files\Trend Micro
2007-10-10 22:11   <DIR>   d--------   C:\Documents and Settings\Adam\Application Data\Grisoft
2007-10-10 21:23   <DIR>   d--------   C:\Documents and Settings\Guest\Application Data\Grisoft
2007-10-10 20:57   <DIR>   d--------   C:\Documents and Settings\Glenys\Application Data\Grisoft
2007-10-10 20:57   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 20:56   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-07 22:45   <DIR>   d---s----   C:\Documents and Settings\Guest\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:31   ---------   d-----w   C:\Program Files\Java
2007-10-10 11:42   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 10:10   ---------   d-----w   C:\Program Files\SpywareBlaster
2007-10-09 11:38   ---------   d-----w   C:\Program Files\LimeWire
2007-09-11 08:29   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-06 10:05   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05   92,848   -c--a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-01 04:15   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2007-08-31 21:49   ---------   d-----w   C:\Documents and Settings\Guest\Application Data\MySpace
.

((((((((((((((((((((((((((((( snapshot@2007-10-12_ 7.19.19.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-11 14:35:14   49,248   -c--a-w   C:\WINDOWS\system32\java.exe
+ 2007-09-24 12:30:28   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2006-10-11 14:35:24   53,346   -c--a-w   C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 12:30:30   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
- 2006-10-11 16:10:56   127,078   -c--a-w   C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 13:31:42   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
+ 2007-10-12 21:37:16   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 19:40 C:\WINDOWS\sm56hlpr.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 19:09 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 08:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 20:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 11:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-14 10:04]
"WebCamRT.exe"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 ptssvc;ptssvc;C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 22:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 07:37:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 7:40:12 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-12 07:19
.
   --- E O F ---

BusyBear · « **Reply #13 on:** October 12, 2007, 04:46:02 PM »

Here is the new hijack this log

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:27 AM, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

--
End of file - 5996 bytes

guestolo · « **Reply #14 on:** October 12, 2007, 08:30:24 PM »

Quote

The 007 guard page popped up again last night before I went to bed

Ok, but how is it now?
Let's keep the updates current please

BusyBear · « **Reply #15 on:** October 14, 2007, 01:52:43 AM »

Sorry I have not had my pc on for the last 24 hours I will let you know if it turns up again.

How did the last reports look?

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #16 on:** October 14, 2007, 03:02:02 AM »

Quote

How did the last reports look?

Looked good, how's everthing running, any redirections?

BusyBear · « **Reply #17 on:** October 14, 2007, 04:55:00 AM »

So far so good though it has only been a couple of hours and it doesnt happen constantly.

Thanks for all your hard work Guestolo. Once again you have been great

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

*hugs*

guestolo · « **Reply #18 on:** October 14, 2007, 04:42:35 PM »

Sounds good, ensure you keep your protections updated with Spywareblaster

I would also utilize the Immunization feature in Spybot after every update

News:

Author Topic: 007 guard (Read 1301 times)