CarterRichardCarter

Help Analyzing Hijack This Report


Hi,

 

I am running Win XP Pro; it was re-installed in January of this year. I am using version 7.0.6.38 of Webroot Anti-virus with Spy Sweeper. A recent scan didn't detect any viruses.

 

I just ran Spy Bot and the following adwares were found:

MTC make me search, hijackers

right media, browser (all of following are also denoted as browser)

zedo

consale media

double click

fast click

media plex

 

all were successfully removed.

 

The reason I am submitting this data is because very often, starting a few weeks ago, when I do various tasks (e.g. attempting to close a window, open an email, click on a link), there is a significant delay before the task is completed, while processing is occurring.

 

Enclosed are the requested logs.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:27:48 PM, on 5/13/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\carter\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\carter\My Documents\Downloads\HijackThis.exe

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Logitech Utility] "LOGI_MWX.EXE"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\carter\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] "C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe" -update plugin

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{AC84CFEC-59F2-48D3-A12A-4297ADCB89BA}: NameServer = 156.154.70.22,156.154.71.22

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\guard32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 4813 bytes

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by carter at 11:48:17.25 on Sat 05/14/2011

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.109 [GMT -7:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FW: COMODO Firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\carter\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\carter\My Documents\Downloads\dds(1).scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [F.lux] "c:\documents and settings\carter\local settings\apps\f.lux\flux.exe" /noshow

uRun: [spybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"

mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Logitech Utility] "LOGI_MWX.EXE"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: {AC84CFEC-59F2-48D3-A12A-4297ADCB89BA} = 156.154.70.22,156.154.71.22

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

LSA: Notification Packages = scecli scecli

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\carter\applic~1\mozilla\firefox\profiles\4swj7wkp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z013&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 27576]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-5-14 2860800]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1803224]

R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2010-12-21 45072]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-12-21 3888696]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2010-12-21 3275112]

S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-5-14 73728]

.

=============== Created Last 30 ================

.

2011-05-14 16:36:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2011-05-14 06:00:42 -------- d-----w- c:\docume~1\carter\applic~1\Malwarebytes

2011-05-14 05:59:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-14 05:59:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-14 05:59:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-14 05:59:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-14 04:59:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-14 04:59:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-04-23 17:33:59 937984 ----a-w- c:\windows\system32\dllcache\winbrand.dll

2011-04-23 17:32:58 86016 ----a-w- c:\windows\system32\dllcache\icwconn2.exe

2011-04-23 17:31:59 89088 ----a-w- c:\windows\system32\dllcache\wmiaprpl.dll

2011-04-23 17:30:59 831519 ----a-w- c:\windows\system32\dllcache\mswdat10.dll

.

==================== Find3M ====================

.

.

============= FINISH: 11:54:09.91 ===============

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/15/2010 2:13:54 PM

System Uptime: 5/14/2011 11:31:18 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | A7N8X-X

Processor: AMD Athlon XP 2500+ | Socket A | 1829/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 50.161 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP86: 2/13/2011 9:00:26 PM - Software Distribution Service 3.0

RP87: 2/14/2011 9:00:24 PM - Software Distribution Service 3.0

RP88: 2/15/2011 9:00:25 PM - Software Distribution Service 3.0

RP89: 2/16/2011 9:00:21 PM - Software Distribution Service 3.0

RP90: 2/17/2011 9:00:24 PM - Software Distribution Service 3.0

RP91: 2/18/2011 9:00:26 PM - Software Distribution Service 3.0

RP92: 2/19/2011 9:00:25 PM - Software Distribution Service 3.0

RP93: 2/20/2011 9:00:33 PM - Software Distribution Service 3.0

RP94: 2/21/2011 9:00:27 PM - Software Distribution Service 3.0

RP95: 2/22/2011 9:00:23 PM - Software Distribution Service 3.0

RP96: 2/23/2011 9:00:41 PM - Software Distribution Service 3.0

RP97: 2/24/2011 9:00:26 PM - Software Distribution Service 3.0

RP98: 2/25/2011 9:00:26 PM - Software Distribution Service 3.0

RP99: 2/26/2011 9:00:22 PM - Software Distribution Service 3.0

RP100: 2/27/2011 9:00:24 PM - Software Distribution Service 3.0

RP101: 2/28/2011 9:00:43 PM - Software Distribution Service 3.0

RP102: 3/1/2011 9:00:48 PM - Software Distribution Service 3.0

RP103: 3/2/2011 9:00:44 PM - Software Distribution Service 3.0

RP104: 3/3/2011 9:00:37 PM - Software Distribution Service 3.0

RP105: 3/4/2011 9:00:22 PM - Software Distribution Service 3.0

RP106: 3/5/2011 9:00:25 PM - Software Distribution Service 3.0

RP107: 3/6/2011 9:00:24 PM - Software Distribution Service 3.0

RP108: 3/7/2011 9:00:32 PM - Software Distribution Service 3.0

RP109: 3/8/2011 9:00:36 PM - Software Distribution Service 3.0

RP110: 3/9/2011 9:00:24 PM - Software Distribution Service 3.0

RP111: 3/10/2011 9:00:31 PM - Software Distribution Service 3.0

RP112: 3/11/2011 8:26:40 PM - Software Distribution Service 3.0

RP113: 3/11/2011 9:00:19 PM - Software Distribution Service 3.0

RP114: 3/11/2011 9:19:14 PM - Removed Microsoft Silverlight

RP115: 3/11/2011 9:20:48 PM - Removed Pure Networks Platform

RP116: 3/11/2011 9:21:51 PM - Removed WebEx Support Manager for Internet Explorer

RP117: 3/11/2011 9:23:42 PM - Software Distribution Service 3.0

RP118: 3/12/2011 10:00:25 PM - Software Distribution Service 3.0

RP119: 3/13/2011 9:00:33 PM - Software Distribution Service 3.0

RP120: 3/14/2011 9:07:24 PM - Software Distribution Service 3.0

RP121: 3/15/2011 9:00:24 PM - Software Distribution Service 3.0

RP122: 3/16/2011 9:00:25 PM - Software Distribution Service 3.0

RP123: 3/17/2011 9:00:22 PM - Software Distribution Service 3.0

RP124: 3/18/2011 9:00:23 PM - Software Distribution Service 3.0

RP125: 3/19/2011 9:00:52 PM - Software Distribution Service 3.0

RP126: 3/20/2011 6:42:23 PM - Removed OpenOffice.org 3.3

RP127: 3/20/2011 9:00:28 PM - Software Distribution Service 3.0

RP128: 3/21/2011 9:00:31 PM - Software Distribution Service 3.0

RP129: 3/22/2011 9:00:24 PM - Software Distribution Service 3.0

RP130: 3/23/2011 9:00:32 PM - Software Distribution Service 3.0

RP131: 3/24/2011 6:43:19 PM - Software Distribution Service 3.0

RP132: 3/24/2011 9:00:16 PM - Software Distribution Service 3.0

RP133: 3/25/2011 9:04:26 PM - Software Distribution Service 3.0

RP134: 3/26/2011 9:00:26 PM - Software Distribution Service 3.0

RP135: 3/27/2011 9:00:22 PM - Software Distribution Service 3.0

RP136: 3/28/2011 9:00:26 PM - Software Distribution Service 3.0

RP137: 3/29/2011 9:00:26 PM - Software Distribution Service 3.0

RP138: 3/30/2011 9:00:42 PM - Software Distribution Service 3.0

RP139: 3/31/2011 9:00:47 PM - Software Distribution Service 3.0

RP140: 4/1/2011 9:01:21 PM - Software Distribution Service 3.0

RP141: 4/2/2011 9:01:00 PM - Software Distribution Service 3.0

RP142: 4/3/2011 9:00:56 PM - Software Distribution Service 3.0

RP143: 4/4/2011 9:00:21 PM - Software Distribution Service 3.0

RP144: 4/5/2011 9:00:35 PM - Software Distribution Service 3.0

RP145: 4/6/2011 9:00:25 PM - Software Distribution Service 3.0

RP146: 4/7/2011 9:00:37 PM - Software Distribution Service 3.0

RP147: 4/8/2011 9:00:35 PM - Software Distribution Service 3.0

RP148: 4/9/2011 9:00:40 PM - Software Distribution Service 3.0

RP149: 4/10/2011 9:00:45 PM - Software Distribution Service 3.0

RP150: 4/11/2011 8:02:23 PM - Software Distribution Service 3.0

RP151: 4/11/2011 9:01:22 PM - Software Distribution Service 3.0

RP152: 4/12/2011 9:00:36 PM - Software Distribution Service 3.0

RP153: 4/13/2011 9:00:20 PM - Software Distribution Service 3.0

RP154: 4/14/2011 9:00:27 PM - Software Distribution Service 3.0

RP155: 4/15/2011 9:01:31 PM - Software Distribution Service 3.0

RP156: 4/16/2011 9:00:31 PM - Software Distribution Service 3.0

RP157: 4/17/2011 9:00:21 PM - Software Distribution Service 3.0

RP158: 4/18/2011 9:00:19 PM - Software Distribution Service 3.0

RP159: 4/19/2011 9:00:34 PM - Software Distribution Service 3.0

RP160: 4/20/2011 9:01:07 PM - Software Distribution Service 3.0

RP161: 4/21/2011 9:00:21 PM - Software Distribution Service 3.0

RP162: 4/22/2011 9:00:20 PM - Software Distribution Service 3.0

RP163: 4/23/2011 10:24:32 AM - Software Distribution Service 3.0

RP164: 4/23/2011 10:25:33 AM - Software Distribution Service 3.0

RP165: 4/23/2011 9:00:28 PM - Software Distribution Service 3.0

RP166: 4/24/2011 9:00:39 PM - Software Distribution Service 3.0

RP167: 4/25/2011 8:57:21 AM - Software Distribution Service 3.0

RP168: 4/25/2011 9:00:23 PM - Software Distribution Service 3.0

RP169: 4/26/2011 9:00:46 PM - Software Distribution Service 3.0

RP170: 4/27/2011 9:00:55 PM - Software Distribution Service 3.0

RP171: 4/28/2011 9:00:39 PM - Software Distribution Service 3.0

RP172: 4/29/2011 9:00:39 PM - Software Distribution Service 3.0

RP173: 4/30/2011 9:00:27 PM - Software Distribution Service 3.0

RP174: 5/1/2011 9:00:27 PM - Software Distribution Service 3.0

RP175: 5/2/2011 9:00:22 PM - Software Distribution Service 3.0

RP176: 5/3/2011 9:00:50 PM - Software Distribution Service 3.0

RP177: 5/4/2011 9:01:08 PM - Software Distribution Service 3.0

RP178: 5/5/2011 9:00:30 PM - Software Distribution Service 3.0

RP179: 5/6/2011 9:00:57 PM - Software Distribution Service 3.0

RP180: 5/7/2011 9:00:47 PM - Software Distribution Service 3.0

RP181: 5/8/2011 9:01:15 PM - Software Distribution Service 3.0

RP182: 5/9/2011 9:00:29 PM - Software Distribution Service 3.0

RP183: 5/10/2011 9:02:15 PM - Software Distribution Service 3.0

RP184: 5/11/2011 9:01:46 PM - Software Distribution Service 3.0

RP185: 5/12/2011 9:00:48 PM - Software Distribution Service 3.0

RP186: 5/13/2011 9:01:01 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Auction Sentry Deluxe

COMODO Internet Security

Emsisoft Anti-Malware 5.1

F.lux

HomeBase 3

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Java Auto Updater

Java 6 Update 22

Logitech MouseWare 9.79

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2000 Professional

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0.1 (x86 en-US)

Mozilla Thunderbird (3.1.10)

MSXML 6 Service Pack 2 (KB973686)

NVIDIA Windows 2000/XP nForce Drivers

PDF-Viewer

Samsung ML-1740 Series

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

Skype Toolbars

Skype™ 5.3

SpeedFan (remove only)

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB898461)

Update for Windows XP (KB925720)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Webroot Software

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

5/7/2011 9:01:26 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).

5/7/2011 12:25:37 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AC84CFEC-59F2-48D3-A12A-4297ADCB89BA} because another computer on the network has the same name. The server could not start.

5/14/2011 11:32:30 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

.

==== End Of File ===========================

 

Thank you for any help you might be able to give. Please let me know if you need any additional information.

Richard Carter

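As an added illustration, not code from this thread or from Trend Micro's HijackThis, here is a small Python triage script that parses the O-lines of a HijackThis log into (section, body) entries and flags the ones a reviewer would look at first: orphaned BHO registrations, Run keys that launch a bare filename, explicitly configured DNS servers, AppInit_DLLs, and services outside the usual program directories. The sample lines are copied from the log above; the rules themselves are my own conservative choices, and a flag means "verify this", not "remove this".

```python
"""Minimal HijackThis (v2) log triage, written as a defender's reading aid.

Each 'Oxx' line is split into its section code and body, then a few
conservative checks flag the entries a reviewer should look at first.
A flag means "verify", never "delete".
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Logitech Utility] "LOGI_MWX.EXE"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC84CFEC-59F2-48D3-A12A-4297ADCB89BA}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: c:\windows\system32\guard32.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""


@dataclass
class Entry:
    section: str   # e.g. "O4"
    body: str      # everything after "O4 - "


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis log into (section, body) entries; non-O lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def command_path(cmd: str) -> str:
    """Program part of a Run-key command: the quoted program, or the first word."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (section, reason) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.body.endswith("(no file)"):
            # A CLSID registered as a BHO whose DLL is gone: leftover, should be cleaned up.
            findings.append((e.section, "orphaned BHO registration: CLSID with no DLL on disk"))
        elif e.section == "O4":
            m = RUN_RE.match(e.body)
            if m and not ABS_PATH_RE.match(command_path(m.group("cmd"))):
                # A bare filename is resolved by search path at logon, so the file that
                # actually runs is not obvious from the log alone.
                findings.append((e.section, f"Run entry [{m.group('name')}] uses a bare or "
                                            f"relative path; confirm which file actually runs"))
        elif e.section == "O17":
            m = re.search(r"NameServer = (?P<servers>[\d.,]+)", e.body)
            if m:
                findings.append((e.section, f"explicit DNS servers {m.group('servers')}: "
                                            f"confirm they belong to your ISP or a resolver you chose"))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            dlls = e.body.split(":", 1)[1].strip()
            # AppInit_DLLs are injected into every process that loads user32.dll.
            findings.append((e.section, f"AppInit_DLLs loads {dlls} into most user-mode "
                                        f"processes; verify its publisher"))
        elif e.section == "O23":
            path = e.body.rsplit(" - ", 1)[-1]
            low = path.lower()
            if not (low.startswith("c:\\program files") or low.startswith("c:\\windows\\")):
                findings.append((e.section, f"service binary outside Program Files / Windows: {path}"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:4} {reason}")
```

Run against the sample, the script flags four entries (the orphaned O2 BHO, the Logitech O4 entry with its bare `LOGI_MWX.EXE`, the O17 name servers and the O20 AppInit DLL) and passes the Skype and Java entries through; every flagged item on this particular log has a benign explanation, which is exactly why the output is a review list rather than a fix list.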

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

 

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

 

Vista and Windows 7 users:

 

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

 

Stay with this topic until I give you the all clean post.


Let's get going... :)

 

I notice that you have both Webroot AV and Comodo Internet Security running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Webroot AV or Comodo Internet Security (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users: go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

----------

 

 


Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done, click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

----------

 

Let's get a scan of your Master Boot Record, shall we:

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the Scan button to start scan
  • On completion of the scan click Save Log, save it to your Desktop and post in your next reply
In your next reply please post the logs created by GMER and aswMBR. :)


Hi Jeff,

 

I removed Comodo Internet Security; I was under the impression it is just a firewall and not functioning as an AV. I turned on Windows firewall as I received the message I didn't have firewall protection.

 

I followed your instructions, and downloaded GMER rootkit scanner, including unchecking the boxes you requested. However, I was unable to complete this scan, as each time (i.e. 4x) I attempted to do this, the scan reached a certain point and then my computer shut down.

 

It rebooted normally.

 

I was able to successfully scan with aswMBR, and the log is included here.

 

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-15 09:50:00

-----------------------------

09:50:00.609 OS Version: Windows 5.1.2600 Service Pack 2

09:50:00.609 Number of processors: 1 586 0xA00

09:50:00.609 ComputerName: CARTER-2CBB8FD3 UserName: carter

09:50:03.328 Initialize success

09:50:14.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3

09:50:14.859 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3

09:50:16.890 Disk 0 MBR read successfully

09:50:16.890 Disk 0 MBR scan

09:50:16.890 Disk 0 Windows XP default MBR code

09:50:18.890 Disk 0 scanning sectors +156280320

09:50:18.906 Disk 0 scanning C:\WINDOWS\system32\drivers

09:50:22.328 Service scanning

09:50:23.312 Disk 0 trace - called modules:

09:50:23.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

09:50:23.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f03ab8]

09:50:23.312 3 CLASSPNP.SYS[f86c705b] -> nt!IofCallDriver -> \Device\0000005a[0x82f06f18]

09:50:23.312 5 ACPI.sys[f862d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x82f18940]

09:50:23.328 Scan finished successfully

09:51:21.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\carter\Desktop\MBR.dat"

09:51:21.640 The log file has been saved successfully to "C:\Documents and Settings\carter\Desktop\aswMBR.txt"

 

Thanks, Carter


Let's try something a little bit different. I need you to boot into Safe Mode by doing the following:

Reboot Your System in Safe Mode

 

How to use the F8 method to Start Your Computer in Safe Mode

  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode menu item.
  • Press Enter.
----------

 


Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Boot back into Normal Mode.

 

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

 

In your next reply please post the log created by GMER. :)


Don't worry about the GMER scan. Let's go to something else, shall we?

 

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

----------

 

Malwarebytes

 

  • Double-click mbam-setup.exe, select Perform quick scan, then click Scan as shown below.

     


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

 

The log can also be found here:

C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

 

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

http://www.eset.com/onlinescan/

 

 

In your next reply please let me know how your system is running and post the logs to Malwarebytes and ESET Online Scan.


Hi,

You want Java Runtime Environment (JRE) version 6 update 25 :)

 

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

----------

 

Malwarebytes

 

  • Double-click mbam-setup.exe, select Perform quick scan, then click Scan as shown below.

     


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

 

The log can also be found here:

C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

 

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

http://www.eset.com/onlinescan/

 

 

In your next reply please let me know how your system is running and post the logs to Malwarebytes and ESET Online Scan.


Hi!!

 

Ok...how about we try this. Go to the website here and download this update for Java. :)

 

Have you ran Malwarebytes and the ESET Online scan yet? If so please post those logs even if you don't have Java updated yet.

 

Stick with me as we will be finishing up soon. :)


Jeff, here is the scan from Malwarebytes. I didn't do the other yet as I cannot figure out how to turn off my Webroot AV; I cannot find where this is done, though usually you just right-click on the icon and it gives that option.

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6571

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

5/17/2011 6:18:59 PM

mbam-log-2011-05-17 (18-18-59).txt

 

Scan type: Quick scan

Objects scanned: 141945

Time elapsed: 8 minute(s), 41 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Good Morning,

 

The reason that we want to keep Java updated is that when new versions come out and are used, the old versions create security vulnerabilities on your computer. You should always be sure to have the latest update and to delete any older versions you may have. :)

 

Try using the information provided by Webroot at this site --> http://support.webro...detail/a_id/451

 

If you cannot get Webroot disabled, go ahead and run ESET, as it may run anyway, and post the log from that scan. Your Malwarebytes scan looks good!

 

If you can't get ESET to run try this online scan instead with the instructions below.

 

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.

Animated tutorial

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif


hi,

 

Here are the results of the ESET scan; it seems to be operating somewhat better than before. Just curious, was there anything found in the Hijack This scan?

 

C:\Documents and Settings\carter\My Documents\Downloads\fooods_low_in_glycemic_index.com a variant of Win32/Injector.FXK trojan cleaned by deleting - quarantined

 

Thanks, Carter


Hi,

 

Hijack This is a scan that we used to use, but with the development of more sophisticated malware we have transitioned to using DDS to look over your logs, and this gives us a better idea of what is on your system. The information provided by Hijack This is given in DDS along with much more.

 

Please run DDS one more time and post the new log created in your next reply.


Jeff,

 

Here are the latest DDS logs-

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by carter at 17:21:56.59 on Wed 05/18/2011

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.158 [GMT -7:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}

.

============== Running Processes ===============

.

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe

C:\Documents and Settings\carter\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\carter\My Documents\Downloads\dds(2).scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [F.lux] "c:\documents and settings\carter\local settings\apps\f.lux\flux.exe" /noshow

uRun: [spybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"

mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"

mRun: [Logitech Utility] "LOGI_MWX.EXE"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: {AC84CFEC-59F2-48D3-A12A-4297ADCB89BA} = 66.218.44.5,156.154.71.16

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

LSA: Notification Packages = scecli scecli

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\carter\applic~1\mozilla\firefox\profiles\4swj7wkp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z013&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-5-14 2860800]

R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2010-12-21 45072]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-12-21 3888696]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2010-12-21 3275112]

S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-5-14 73728]

.

=============== Created Last 30 ================

.

2011-05-18 21:31:56 -------- d-----w- c:\program files\ESET

2011-05-14 16:36:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2011-05-14 06:00:42 -------- d-----w- c:\docume~1\carter\applic~1\Malwarebytes

2011-05-14 05:59:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-14 05:59:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-14 05:59:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-14 05:59:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-14 04:59:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-14 04:59:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-04-23 17:33:59 937984 ----a-w- c:\windows\system32\dllcache\winbrand.dll

2011-04-23 17:32:58 86016 ----a-w- c:\windows\system32\dllcache\icwconn2.exe

2011-04-23 17:31:59 89088 ----a-w- c:\windows\system32\dllcache\wmiaprpl.dll

2011-04-23 17:30:59 831519 ----a-w- c:\windows\system32\dllcache\mswdat10.dll

.

==================== Find3M ====================

.

.

============= FINISH: 17:25:47.34 ===============

 

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/15/2010 2:13:54 PM

System Uptime: 5/15/2011 5:16:32 PM (72 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | A7N8X-X

Processor: AMD Athlon XP 2500+ | Socket A | 1830/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 49.992 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP90: 2/17/2011 9:00:24 PM - Software Distribution Service 3.0

RP91: 2/18/2011 9:00:26 PM - Software Distribution Service 3.0

RP92: 2/19/2011 9:00:25 PM - Software Distribution Service 3.0

RP93: 2/20/2011 9:00:33 PM - Software Distribution Service 3.0

RP94: 2/21/2011 9:00:27 PM - Software Distribution Service 3.0

RP95: 2/22/2011 9:00:23 PM - Software Distribution Service 3.0

RP96: 2/23/2011 9:00:41 PM - Software Distribution Service 3.0

RP97: 2/24/2011 9:00:26 PM - Software Distribution Service 3.0

RP98: 2/25/2011 9:00:26 PM - Software Distribution Service 3.0

RP99: 2/26/2011 9:00:22 PM - Software Distribution Service 3.0

RP100: 2/27/2011 9:00:24 PM - Software Distribution Service 3.0

RP101: 2/28/2011 9:00:43 PM - Software Distribution Service 3.0

RP102: 3/1/2011 9:00:48 PM - Software Distribution Service 3.0

RP103: 3/2/2011 9:00:44 PM - Software Distribution Service 3.0

RP104: 3/3/2011 9:00:37 PM - Software Distribution Service 3.0

RP105: 3/4/2011 9:00:22 PM - Software Distribution Service 3.0

RP106: 3/5/2011 9:00:25 PM - Software Distribution Service 3.0

RP107: 3/6/2011 9:00:24 PM - Software Distribution Service 3.0

RP108: 3/7/2011 9:00:32 PM - Software Distribution Service 3.0

RP109: 3/8/2011 9:00:36 PM - Software Distribution Service 3.0

RP110: 3/9/2011 9:00:24 PM - Software Distribution Service 3.0

RP111: 3/10/2011 9:00:31 PM - Software Distribution Service 3.0

RP112: 3/11/2011 8:26:40 PM - Software Distribution Service 3.0

RP113: 3/11/2011 9:00:19 PM - Software Distribution Service 3.0

RP114: 3/11/2011 9:19:14 PM - Removed Microsoft Silverlight

RP115: 3/11/2011 9:20:48 PM - Removed Pure Networks Platform

RP116: 3/11/2011 9:21:51 PM - Removed WebEx Support Manager for Internet Explorer

RP117: 3/11/2011 9:23:42 PM - Software Distribution Service 3.0

RP118: 3/12/2011 10:00:25 PM - Software Distribution Service 3.0

RP119: 3/13/2011 9:00:33 PM - Software Distribution Service 3.0

RP120: 3/14/2011 9:07:24 PM - Software Distribution Service 3.0

RP121: 3/15/2011 9:00:24 PM - Software Distribution Service 3.0

RP122: 3/16/2011 9:00:25 PM - Software Distribution Service 3.0

RP123: 3/17/2011 9:00:22 PM - Software Distribution Service 3.0

RP124: 3/18/2011 9:00:23 PM - Software Distribution Service 3.0

RP125: 3/19/2011 9:00:52 PM - Software Distribution Service 3.0

RP126: 3/20/2011 6:42:23 PM - Removed OpenOffice.org 3.3

RP127: 3/20/2011 9:00:28 PM - Software Distribution Service 3.0

RP128: 3/21/2011 9:00:31 PM - Software Distribution Service 3.0

RP129: 3/22/2011 9:00:24 PM - Software Distribution Service 3.0

RP130: 3/23/2011 9:00:32 PM - Software Distribution Service 3.0

RP131: 3/24/2011 6:43:19 PM - Software Distribution Service 3.0

RP132: 3/24/2011 9:00:16 PM - Software Distribution Service 3.0

RP133: 3/25/2011 9:04:26 PM - Software Distribution Service 3.0

RP134: 3/26/2011 9:00:26 PM - Software Distribution Service 3.0

RP135: 3/27/2011 9:00:22 PM - Software Distribution Service 3.0

RP136: 3/28/2011 9:00:26 PM - Software Distribution Service 3.0

RP137: 3/29/2011 9:00:26 PM - Software Distribution Service 3.0

RP138: 3/30/2011 9:00:42 PM - Software Distribution Service 3.0

RP139: 3/31/2011 9:00:47 PM - Software Distribution Service 3.0

RP140: 4/1/2011 9:01:21 PM - Software Distribution Service 3.0

RP141: 4/2/2011 9:01:00 PM - Software Distribution Service 3.0

RP142: 4/3/2011 9:00:56 PM - Software Distribution Service 3.0

RP143: 4/4/2011 9:00:21 PM - Software Distribution Service 3.0

RP144: 4/5/2011 9:00:35 PM - Software Distribution Service 3.0

RP145: 4/6/2011 9:00:25 PM - Software Distribution Service 3.0

RP146: 4/7/2011 9:00:37 PM - Software Distribution Service 3.0

RP147: 4/8/2011 9:00:35 PM - Software Distribution Service 3.0

RP148: 4/9/2011 9:00:40 PM - Software Distribution Service 3.0

RP149: 4/10/2011 9:00:45 PM - Software Distribution Service 3.0

RP150: 4/11/2011 8:02:23 PM - Software Distribution Service 3.0

RP151: 4/11/2011 9:01:22 PM - Software Distribution Service 3.0

RP152: 4/12/2011 9:00:36 PM - Software Distribution Service 3.0

RP153: 4/13/2011 9:00:20 PM - Software Distribution Service 3.0

RP154: 4/14/2011 9:00:27 PM - Software Distribution Service 3.0

RP155: 4/15/2011 9:01:31 PM - Software Distribution Service 3.0

RP156: 4/16/2011 9:00:31 PM - Software Distribution Service 3.0

RP157: 4/17/2011 9:00:21 PM - Software Distribution Service 3.0

RP158: 4/18/2011 9:00:19 PM - Software Distribution Service 3.0

RP159: 4/19/2011 9:00:34 PM - Software Distribution Service 3.0

RP160: 4/20/2011 9:01:07 PM - Software Distribution Service 3.0

RP161: 4/21/2011 9:00:21 PM - Software Distribution Service 3.0

RP162: 4/22/2011 9:00:20 PM - Software Distribution Service 3.0

RP163: 4/23/2011 10:24:32 AM - Software Distribution Service 3.0

RP164: 4/23/2011 10:25:33 AM - Software Distribution Service 3.0

RP165: 4/23/2011 9:00:28 PM - Software Distribution Service 3.0

RP166: 4/24/2011 9:00:39 PM - Software Distribution Service 3.0

RP167: 4/25/2011 8:57:21 AM - Software Distribution Service 3.0

RP168: 4/25/2011 9:00:23 PM - Software Distribution Service 3.0

RP169: 4/26/2011 9:00:46 PM - Software Distribution Service 3.0

RP170: 4/27/2011 9:00:55 PM - Software Distribution Service 3.0

RP171: 4/28/2011 9:00:39 PM - Software Distribution Service 3.0

RP172: 4/29/2011 9:00:39 PM - Software Distribution Service 3.0

RP173: 4/30/2011 9:00:27 PM - Software Distribution Service 3.0

RP174: 5/1/2011 9:00:27 PM - Software Distribution Service 3.0

RP175: 5/2/2011 9:00:22 PM - Software Distribution Service 3.0

RP176: 5/3/2011 9:00:50 PM - Software Distribution Service 3.0

RP177: 5/4/2011 9:01:08 PM - Software Distribution Service 3.0

RP178: 5/5/2011 9:00:30 PM - Software Distribution Service 3.0

RP179: 5/6/2011 9:00:57 PM - Software Distribution Service 3.0

RP180: 5/7/2011 9:00:47 PM - Software Distribution Service 3.0

RP181: 5/8/2011 9:01:15 PM - Software Distribution Service 3.0

RP182: 5/9/2011 9:00:29 PM - Software Distribution Service 3.0

RP183: 5/10/2011 9:02:15 PM - Software Distribution Service 3.0

RP184: 5/11/2011 9:01:46 PM - Software Distribution Service 3.0

RP185: 5/12/2011 9:00:48 PM - Software Distribution Service 3.0

RP186: 5/13/2011 9:01:01 PM - Software Distribution Service 3.0

RP187: 5/14/2011 9:00:38 PM - Software Distribution Service 3.0

RP188: 5/15/2011 9:03:57 AM - Removed COMODO Internet Security

RP189: 5/15/2011 9:00:16 PM - Software Distribution Service 3.0

RP190: 5/16/2011 9:00:28 PM - Software Distribution Service 3.0

RP191: 5/17/2011 9:00:22 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin


This is a continuation of the above, it was cut off.

 

Auction Sentry Deluxe

Emsisoft Anti-Malware 5.1

F.lux

HomeBase 3

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Java 6 Update 22

Logitech MouseWare 9.79

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2000 Professional

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0.1 (x86 en-US)

Mozilla Thunderbird (3.1.10)

MSXML 6 Service Pack 2 (KB973686)

NVIDIA Windows 2000/XP nForce Drivers

PDF-Viewer

Samsung ML-1740 Series

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

Skype Toolbars

Skype™ 5.3

SpeedFan (remove only)

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB898461)

Update for Windows XP (KB925720)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Webroot Software

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

5/15/2011 9:19:31 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

5/15/2011 3:43:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/15/2011 3:41:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips

5/15/2011 3:25:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

5/15/2011 3:25:46 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2011 3:25:46 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2011 3:25:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2011 3:25:46 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2011 3:25:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

5/15/2011 3:25:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/14/2011 9:01:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).

5/11/2011 7:44:57 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AC84CFEC-59F2-48D3-A12A-4297ADCB89BA} because another computer on the network has the same name. The server could not start.

.

==== End Of File ===========================

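The "Event Viewer Messages" block at the end of the DDS log above is the kind of text a helper reads by eye; here is a small triage script for it, written as an added example (it is not the poster's log output, not part of DDS or HijackThis, and the function names are mine). The sample is constructed from the event lines quoted in the log. It parses each `date time, level: source [id] - message` line, counts events by source and id, pulls the driver names out of the Service Control Manager 7026 entries, and pairs up the 7001 entries so you can see that the DNS/DHCP client failures are dependency failures of the same drivers (AFD, Tcpip, NetBT) named in the 7026 line logged at the same time.

```python
"""Triage the "Event Viewer Messages" section of a DDS log.

Added example (not the forum's, DDS's or HijackThis's own code). The input
format assumed is the one visible in the log above:
    <m/d/yyyy> <h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>
"""
import re
from collections import Counter

# Constructed sample: a subset of the event lines quoted in the log above.
SAMPLE_LOG = """\
5/15/2011 9:19:31 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
5/15/2011 3:41:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips
5/15/2011 3:25:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/15/2011 3:25:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/15/2011 3:25:46 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:01:09 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).
"""

EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<message>.*)$"
)
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed")

# Kernel drivers that make up the TCP/IP stack and SMB redirector; a 7026
# naming any of these explains the 7001 dependency errors that follow.
NETWORK_DRIVERS = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec", "MRxSmb", "Rdbss", "RasAcd"}


def parse_events(text):
    """Parse every well-formed event line into a dict; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def count_by_source(events):
    """Counter keyed by (source, event id), for a quick 'what repeats' view."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_drivers(events):
    """Driver names from all SCM 7026 events, deduplicated, first-seen order."""
    seen = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            _, _, names = e["message"].partition("failed to load:")
            for name in names.split():
                if name not in seen:
                    seen.append(name)
    return seen


def network_stack_failures(events):
    """Subset of failed drivers that belong to the networking stack, sorted."""
    return sorted(set(failed_drivers(events)) & NETWORK_DRIVERS)


def dependency_failures(events):
    """(service, dependency) pairs extracted from SCM 7001 events."""
    pairs = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7001:
            m = DEP_RE.match(e["message"])
            if m:
                pairs.append((m.group("svc"), m.group("dep")))
    return pairs


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    for (src, eid), n in count_by_source(ev).most_common():
        print(f"{n:2d}  {src} [{eid}]")
    print("drivers that failed to load:", failed_drivers(ev))
    print("of which network-related:", network_stack_failures(ev))
    print("service -> failed dependency:", dependency_failures(ev))
```

Run against a full DDS log the same functions apply unchanged; what a reviewer looks for is a 7026 that names AFD, Tcpip or NetBT at a timestamp shared by a cluster of 7001 entries, which is exactly the pattern in the 3:25:46 PM block above.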

Hi CarterRichardCarter!!

 

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

 

 

Let's go ahead and update your Internet Explorer to Internet Explorer 8. Please visit this page here to update.

----------

 

**Be sure to update your Windows as that is out of date as well. Keeping Windows updated will help to reduce your chances of infection. You can do so by following the instructions in #5 below. :) **

 

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

 

**Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted by right clicking and selecting delete so they aren't cluttering up your desktop.**

 

Here are some tips to reduce the potential for spyware infection in the future:

 

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and Update Anti-Virus Software - I cannot overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 

4. Firewall

Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.

**Do not install more than one firewall program because they will conflict with each other**

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

 

6. Filehippo's Update Checker. It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, it includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

 

7. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

 

8. WOT (Web of Trust). As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

 

9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:

Instructions for - Spybot S & D and Ad-aware

 

10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

 

 

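Two of the tips in the reply above (the Internet-zone ActiveX/IFRAME settings in #1 and the custom hosts file in #7) are things you can verify rather than just set once, so here is an added audit script for both. It is example code written for this page, not the helper's, Microsoft's or MVPS's own tooling. The Internet-zone value names (1001, 1004, 1201, 1607, 1800, 1804) and the 0/1/3 = Enable/Prompt/Disable encoding are the ones Microsoft documents for the `Zones\3` registry key; reading them live needs Windows, so that part is optional and the check runs on a constructed snapshot elsewhere. The hosts-file part accepts blocking entries of the 0.0.0.0 / 127.0.0.1 form that MVPS HOSTS uses and flags any entry that points a hostname at an outside address, which is how a hijacked hosts file looks. All sample data and function names are constructed for the example.

```python
"""Audit two of the settings the reply above recommends: the Internet-zone
ActiveX/IFRAME options (tip 1) and a custom hosts file (tip 7).
Added example; not code from the forum, Microsoft or MVPS."""
import ipaddress

# The Internet zone is zone 3 under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones.
# Value names and data encoding follow Microsoft's IE security-zone docs:
# 0 = Enable, 1 = Prompt, 3 = Disable. Targets are the reply's recommendations.
RECOMMENDED = {
    1001: ("Download signed ActiveX controls", 1),
    1004: ("Download unsigned ActiveX controls", 3),
    1201: ("Initialize and script ActiveX controls not marked as safe", 3),
    1800: ("Installation of desktop items", 1),
    1804: ("Launching programs and files in an IFRAME", 1),
    1607: ("Navigate sub-frames across different domains", 1),
}
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed snapshot of a zone that still allows two of the risky actions.
SAMPLE_ZONE = {1001: 0, 1004: 3, 1201: 3, 1800: 1, 1804: 0, 1607: 1}


def audit_zone(values):
    """Return (setting, current, recommended) for every value that deviates
    from the reply's recommendation; a missing value counts as a deviation."""
    findings = []
    for vid, (desc, wanted) in RECOMMENDED.items():
        current = values.get(vid)
        if current != wanted:
            findings.append((desc, SETTING_NAMES.get(current, "not set"), SETTING_NAMES[wanted]))
    return findings


def read_internet_zone():
    """Read the live Internet-zone values on Windows; returns None elsewhere,
    because the winreg module only exists on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for vid in RECOMMENDED:
            try:
                values[vid] = winreg.QueryValueEx(key, str(vid))[0]
            except FileNotFoundError:
                pass  # value absent: audit_zone reports it as "not set"
    return values


# Constructed hosts file: two blocking entries plus one entry that silently
# redirects a hostname to an outside address (the hijack pattern).
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # blocking entry (MVPS HOSTS style)
127.0.0.1       banners.example.org      # older blocking style
203.0.113.7     www.update.example.com   # redirect to a non-loopback address
"""


def parse_hosts(text):
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *hosts = line.split()
        entries.extend((addr, h.lower()) for h in hosts)
    return entries


def suspicious_hosts(text):
    """Entries whose address is neither loopback nor unspecified (0.0.0.0/::),
    i.e. names being redirected rather than blocked, plus unparsable addresses."""
    flagged = []
    for addr, host in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append((addr, host))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            flagged.append((addr, host))
    return flagged


if __name__ == "__main__":
    live = read_internet_zone()
    for desc, cur, want in audit_zone(live if live is not None else SAMPLE_ZONE):
        print(f"IE Internet zone: {desc}: {cur} (recommended: {want})")
    for addr, host in suspicious_hosts(SAMPLE_HOSTS):
        print(f"hosts: {host} -> {addr} is a redirect, not a block")
```

To check a real hosts file, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its text to `suspicious_hosts`; a clean custom hosts file such as MVPS HOSTS should produce no findings, because every entry in it is a block, not a redirect.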


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
