Author Topic: Infected Computer  (Read 2895 times)
cking137
Topic Starter, Rookie, Posts: 11

« on: October 03, 2009, 10:08:51 AM »

I mentioned to a friend that my computer was so infected that it was difficult to use. It frequently freezes when trying to load web pages, programs run slowly, etc. It has gotten progressively worse and is now to the point where it is frustrating and difficult to use for the most simple tasks.

I'm in the process of following the malware removal help post and have made it through the step of running Super Anti Spyware. The instructions say to post the scan log, so here I go.

Thank you in advance of any help you can provide!

Curtis

[attachment deleted by admin]
harry 48
Egghead, Thanked: 128, Posts: 3,111
Experience: Familiar, OS: Windows 7
lay back, relax and chill out

« Reply #1 on: October 03, 2009, 01:30:03 PM »

Add all the logs to your first post; I'll remove this when you're finished.

http://diy-help.forumotion.co.uk/   D.I.Y. help forum

SuperDave
Malware Removal Specialist, Moderator, Prodigy
Thanked: 571, Posts: 6,550
Experience: Experienced, OS: Windows XP

« Reply #2 on: October 03, 2009, 06:12:52 PM »

Please copy and paste your logs instead of attaching them. It's much easier to read.

AMD Athlon XP 1900+ 1.47 GHz, 3 GB RAM, Windows XP Home with SP3, Microsoft Security Essentials, Spybot S&D, SuperAntiSpyware and ThreatFire with Comodo Firewall & Windows Defender
AK91K
Newbie, Posts: 1

« Reply #3 on: October 03, 2009, 08:48:24 PM »

Hey, I can help you with this. It's most probably not your computer being infected, but it could possibly be. It can be sorted out with a utility program which will check your computer for errors, and if you do not have a virus scan I can recommend a good free one.

All I ask in return is a thanks if the problem is solved, as I would like to get my rep up!
harry 48
Egghead, Thanked: 128, Posts: 3,111
Experience: Familiar, OS: Windows 7
lay back, relax and chill out

« Reply #4 on: October 04, 2009, 08:10:01 AM »

Hey, I can help you with this. It's most probably not your computer being infected, but it could possibly be. It can be sorted out with a utility program which will check your computer for errors, and if you do not have a virus scan I can recommend a good free one.

All I ask in return is a thanks if the problem is solved, as I would like to get my rep up!

SuperDave is working with cking137; please do not try to help as well, it will only confuse. Asking for thanks is not a very nice thing to do just to get your figures up; you will be thanked if you earn it.

http://diy-help.forumotion.co.uk/   D.I.Y. help forum

cking137
Topic Starter, Rookie, Posts: 11

« Reply #5 on: October 10, 2009, 11:13:21 AM »

The SuperAntiSpyware log is:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2009 at 09:56 AM

Application Version : 4.29.1002

Core Rules Database Version : 4137
Trace Rules Database Version: 2069

Scan type       : Complete Scan
Total Scan Time : 08:59:13

Memory items scanned      : 364
Memory threats detected   : 0
Registry items scanned    : 4680
Registry threats detected : 33
File items scanned        : 136469
File threats detected     : 257

Adware.AdSponsor/ISM
   HKLM\Software\Classes\CLSID\{17BFCF1A-B579-48a7-9849-719DDD11D340}
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}\Implemented Categories
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}\InprocServer32
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}\InprocServer32#ThreadingModel
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}\ProgID
   HKCR\CLSID\{17BFCF1A-B579-48A7-9849-719DDD11D340}\VersionIndependentProgID
   HKCR\GrandBar.Band.1
   HKCR\GrandBar.Band
   C:\PROGRAM FILES\GRANDPACK\GRANDPACK2.DLL
   HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{17BFCF1A-B579-48a7-9849-719DDD11D340}

Adware.Vundo Variant
   HKLM\Software\Classes\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
   HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
   HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}\InprocServer32
   HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\TUVUSTT.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
   HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}

Trojan.WinFixer
   HKLM\Software\Classes\CLSID\{870C2829-88AB-4606-8C23-0A98795126B3}
   HKCR\CLSID\{870C2829-88AB-4606-8C23-0A98795126B3}
   HKCR\CLSID\{870C2829-88AB-4606-8C23-0A98795126B3}\InprocServer32
   HKCR\CLSID\{870C2829-88AB-4606-8C23-0A98795126B3}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\SSQRO.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{870C2829-88AB-4606-8C23-0A98795126B3}
   HKU\S-1-5-21-2367804977-3653976795-2492523613-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{870C2829-88AB-4606-8C23-0A98795126B3}

Adware.Tracking Cookie

Trojan.ZenoSearch
   C:\WINDOWS\system32\msnav32.ax

Adware.Adservs
   C:\WINDOWS\system32\atmtd.dll._

Adware.Web Buying
   HKU\.DEFAULT\Software\WebBuying
   HKU\S-1-5-18\Software\WebBuying

Adware.Unclassified/Spruce
   HKU\.DEFAULT\Software\Spruce
   HKU\S-1-5-18\Software\Spruce

RootKit.TnCore/Trace
   C:\WINDOWS\system32\drivers\core.cache.dsk

Rogue.Installer/Trace
   C:\WINDOWS\Spyware Remover.ico
   C:\WINDOWS\Casino.ico
   C:\WINDOWS\Free Online Dating.ico

Adware.JavaCore/NoDNS
   C:\WINDOWS\system32\cs.dat
   C:\WINDOWS\system32\ps1.dat
   C:\WINDOWS\system32\rc.dat

Rogue.Component/Trace
   HKLM\Software\Microsoft\2C64EE46
   HKLM\Software\Microsoft\2C64EE46#2c64ee46
   HKLM\Software\Microsoft\2C64EE46#Version
   HKLM\Software\Microsoft\2C64EE46#2c6443c6
   HKLM\Software\Microsoft\2C64EE46#2c642a23

Adware.k8l
   C:\DOCUMENTS AND SETTINGS\TWOFOUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LQ2DGQ97\ACTDKPUBID72[1].HTM
   C:\PROGRAM FILES\WINDOWS NT\CEVEPRU.HTML

Adware.Vundo/Variant-Trace
   C:\WINDOWS\SYSTEM32\ACRSMNNP.INI
   C:\WINDOWS\SYSTEM32\AWTXKKVN.INI
   C:\WINDOWS\SYSTEM32\BVJLEEXN.INI
   C:\WINDOWS\SYSTEM32\DHFAIGCM.INI
   C:\WINDOWS\SYSTEM32\EBTXLMNG.INI
   C:\WINDOWS\SYSTEM32\FKBVIRYM.INI
   C:\WINDOWS\SYSTEM32\FXMTWLIC.INI
   C:\WINDOWS\SYSTEM32\GKNNERUE.INI
   C:\WINDOWS\SYSTEM32\QMJWWVEH.INI
   C:\WINDOWS\SYSTEM32\QUHMILII.INI
   C:\WINDOWS\SYSTEM32\TKUYMMFE.INI
   C:\WINDOWS\SYSTEM32\UULPTJPV.INI
   C:\WINDOWS\SYSTEM32\VWSHPELN.INI

Trojan.Agent/Gen-<NAME>
   C:\WINDOWS\SYSTEM32\DLLCACHE\WINHELP.EXE
   C:\WINDOWS\WINHELP.EXE

Adware.Vundo Variant/Rel
   C:\WINDOWS\SYSTEM32\MCRH.TMP
   C:\WINDOWS\SYSTEM32\ORQSS.INI
   C:\WINDOWS\SYSTEM32\ORQSS.INI2

Trojan.Unknown Origin
   C:\WINDOWS\SYSTEM32\WAPIISV.EXE
   C:\WINDOWS\UNIST1.HTM

Trojan.Downloader-Gen
   C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

Adware.Unknown Origin
   C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Unclassified.Unknown Origin/System
   C:\WINDOWS\UNINST2.HTM
The Malwarebytes log post is:

Malwarebytes' Anti-Malware 1.39
Database version: 2546
Windows 5.1.2600 Service Pack 2

10/6/2009 7:08:16 PM
mbam-log-2009-10-06 (19-08-16).txt

Scan type: Quick Scan
Objects scanned: 180280
Time elapsed: 1 hour(s), 32 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinAble (Trojan.Adloader) -> Not selected for removal.

Files Infected:
c:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> Not selected for removal.
C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\din.ip (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\alog.txt (Stolen.data) -> Not selected for removal.
C:\WINDOWS\system32\drivers\blank.gif (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\drivers\box_2.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\button_buynow.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\button_freescan.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cell_bg.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cell_footer.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cell_header_block.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cell_header_remove.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cell_header_scan.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\detect.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\download_btn.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\download_now_btn.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\footer_back.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_1.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_2.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_3.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_4.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_red_bg.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_red_free_scan.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\infected.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\main_back.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\product_2_header.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\product_2_name_small.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\product_features.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\pt.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rating.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\s_detect.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\screenshot.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\sep_hor.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\sep_vert.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\shadow.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\shadow_bg.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spacer.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\star.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\star_gray.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\star_gray_small.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\star_small.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\style.css (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\v.gif (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\drivers\warning_icon.gif (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\drivers\win_logo.gif (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\drivers\x.gif (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\sznf.ascii (Fake.Dropped.Malware) -> Not selected for removal.
C:\WINDOWS\system32\dpqaqlqx.bin (Fake.Dropped.Malware) -> Not selected for removal.
C:\WINDOWS\system32\jpewocmz.ini (Fake.Dropped.Malware) -> Not selected for removal.
cking137
Topic Starter, Rookie, Posts: 11

« Reply #6 on: October 10, 2009, 11:32:11 AM »

And here is the HijackThis log file. The instructions say to give details, but I'm not sure what kind of details to give. I got a couple of errors when running the Malwarebytes program when I chose to remove the infected components. The system would error out early on. So I ran it again, told it not to remove the first 10, and it was able to remove all the others. So there is something on there causing that program to bomb.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:02 AM, on 10/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A8C4B80-A71B-453D-B016-0C1BA8FA13B0} - C:\WINDOWS\system32\ljJYSjGW.dll (file missing)
O2 - BHO: (no name) - {3A3BFC98-2747-4877-B8FC-F5A38F35F6F2} - C:\WINDOWS\system32\qoMccdbY.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {776dbb37-f521-4657-ad7d-05d6fe3a2275} - C:\WINDOWS\system32\orebfpt.dll (file missing)
O2 - BHO: (no name) - {A47EA377-C488-46B0-AAAF-92C6C4DF14DB} - C:\WINDOWS\system32\xxyXNFxw.dll (file missing)
O2 - BHO: (no name) - {BD7D3443-D5FC-4B21-9AD6-3F4FFF854CC6} - C:\WINDOWS\system32\iiffCSkL.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F2B0B442-46BA-46B6-98EC-388EF7F264AC} - C:\WINDOWS\system32\jkkKbBsR.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225251068921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: iSecurity.cpl umqasn.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: tuvustt - tuvustt.dll (file missing)
O21 - SSODL: ServiceCD - {79bf11d5-9b71-4097-b916-a44de24573d0} - C:\WINDOWS\Installer\{79bf11d5-9b71-4097-b916-a44de24573d0}\ServiceCD.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6123 bytes
SuperDave
« Reply #7 on: October 10, 2009, 12:56:58 PM »

Hello cking137. Could you please run MBAM again to see if it will quarantine the ones that were not selected the first time. If it quarantines them, please post the log and also a new HJT log.
cking137
« Reply #8 on: October 11, 2009, 12:38:07 AM »

It bombed again when I ran Malwarebytes. Here are the 13 files it found infected:

C:\WINDOWS\system32\cont_globaladsolution-remove.exe
C:\WINDOWS\system32\bb1.dat
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\jpewocmz.ini
SuperDave
« Reply #9 on: October 11, 2009, 10:01:04 AM »

Hello cking137. Could you try renaming MBAM.exe to something else and then running it again? Just go to your C drive, Program Files, Malwarebytes-Antimalware and rename the mbam.exe file. If that doesn't work, try running it in Safe Mode. Tap F8 while rebooting and select safe mode.
cking137
« Reply #10 on: October 12, 2009, 11:30:16 PM »

Okay, it finally worked in safe mode. Below is the most recent log file. Also, I'm curious if there is a way to get the service packs I don't have? I bought my computer used from my work and they didn't give me a Windows CD or anything. So now when I try to install the updates, I get an error when it tries to install.

Here is the log file:

Malwarebytes' Anti-Malware 1.39
Database version: 2546
Windows 5.1.2600 Service Pack 2

10/12/2009 11:23:04 PM
mbam-log-2009-10-12 (23-23-04).txt

Scan type: Quick Scan
Objects scanned: 186706
Time elapsed: 16 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\din.ip (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alog.txt (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\blank.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\v.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\warning_icon.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\win_logo.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\x.gif (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sznf.ascii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpqaqlqx.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpewocmz.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
SuperDave
« Reply #11 on: October 13, 2009, 05:02:03 PM »

Hello cking137. It looks like MBAM got those last 10 items. Can you boot in Normal mode? If so, can you run another SAS and HJT and paste the logs here? Also, run another MBAM in Normal mode. If it comes up with something else found, please paste that log also.
cking137
« Reply #12 on: October 18, 2009, 02:00:39 AM »

Here are the SAS and HJT log files:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/17/2009 at 11:45 AM

Application Version : 4.29.1004

Core Rules Database Version : 4137
Trace Rules Database Version: 2069

Scan type       : Complete Scan
Total Scan Time : 08:59:56

Memory items scanned      : 353
Memory threats detected   : 0
Registry items scanned    : 4678
Registry threats detected : 0
File items scanned        : 164352
File threats detected     : 52

Adware.Tracking Cookie
   C:\Documents and Settings\Friends\Cookies\friends@richmedia.yahoo[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@imrworldwide[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@ads.nicoclub[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@oasn04.247realmedia[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@specificmedia[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@burstbeacon[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@content.yieldmanager[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@ad.yieldmanager[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@advertising[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@media.photobucket[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@sexycelebritygallery[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@sweetnakedcelebrities[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@burstnet[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@cdn4.specificclick[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@www.burstnet[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@doubleclick[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@media6degrees[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@2o7[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@realmedia[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@vip.clickzs[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@adbrite[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@www.burstbeacon[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@chitika[2].txt
   C:\Documents and Settings\Friends\Cookies\friends@247realmedia[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@content.yieldmanager[3].txt
   C:\Documents and Settings\Friends\Cookies\friends@atdmt[1].txt
   C:\Documents and Settings\Friends\Cookies\friends@specificclick[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@247realmedia[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@ad.yieldmanager[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@adbrite[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@ads.icorp[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@ads.nicoclub[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@atdmt[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@burstnet[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@cdn4.specificclick[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@chitika[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@content.yieldmanager[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@content.yieldmanager[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@doubleclick[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@imrworldwide[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@lfstmedia[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@media.photobucket[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@media6degrees[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@oasn04.247realmedia[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@sexycelebritygallery[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@specificclick[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@specificmedia[1].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@sweetnakedcelebrities[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@vip.clickzs[2].txt
   C:\Documents and Settings\HelpAssistant\Cookies\friends@www.burstnet[1].txt

Trojan.Unknown Origin
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{65F21555-D0D4-4A18-A3DE-35FA8DD51540}\RP696\A0091013.EXE

Adware.Unknown Origin
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{65F21555-D0D4-4A18-A3DE-35FA8DD51540}\RP696\A0091015.CFG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:35 AM, on 10/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A8C4B80-A71B-453D-B016-0C1BA8FA13B0} - C:\WINDOWS\system32\ljJYSjGW.dll (file missing)
O2 - BHO: (no name) - {3A3BFC98-2747-4877-B8FC-F5A38F35F6F2} - C:\WINDOWS\system32\qoMccdbY.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {776dbb37-f521-4657-ad7d-05d6fe3a2275} - C:\WINDOWS\system32\orebfpt.dll (file missing)
O2 - BHO: (no name) - {A47EA377-C488-46B0-AAAF-92C6C4DF14DB} - C:\WINDOWS\system32\xxyXNFxw.dll (file missing)
O2 - BHO: (no name) - {BD7D3443-D5FC-4B21-9AD6-3F4FFF854CC6} - C:\WINDOWS\system32\iiffCSkL.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F2B0B442-46BA-46B6-98EC-388EF7F264AC} - C:\WINDOWS\system32\jkkKbBsR.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225251068921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: iSecurity.cpl umqasn.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: tuvustt - tuvustt.dll (file missing)
O21 - SSODL: ServiceCD - {79bf11d5-9b71-4097-b916-a44de24573d0} - C:\WINDOWS\Installer\{79bf11d5-9b71-4097-b916-a44de24573d0}\ServiceCD.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6078 bytes
SuperDave
« Reply #13 on: October 18, 2009, 01:19:19 PM »

Hello cking. Were you able to run MBAM in Normal Mode?
I would like you to do this:

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

• O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
• O2 - BHO: (no name) - {0A8C4B80-A71B-453D-B016-0C1BA8FA13B0} - C:\WINDOWS\system32\ljJYSjGW.dll (file missing)
• O2 - BHO: (no name) - {3A3BFC98-2747-4877-B8FC-F5A38F35F6F2} - C:\WINDOWS\system32\qoMccdbY.dll (file missing)
• O2 - BHO: (no name) - {776dbb37-f521-4657-ad7d-05d6fe3a2275} - C:\WINDOWS\system32\orebfpt.dll (file missing)
• O2 - BHO: (no name) - {A47EA377-C488-46B0-AAAF-92C6C4DF14DB} - C:\WINDOWS\system32\xxyXNFxw.dll (file missing)
• O2 - BHO: (no name) - {BD7D3443-D5FC-4B21-9AD6-3F4FFF854CC6} - C:\WINDOWS\system32\iiffCSkL.dll (file missing)
• O2 - BHO: (no name) - {F2B0B442-46BA-46B6-98EC-388EF7F264AC} - C:\WINDOWS\system32\jkkKbBsR.dll (file missing)
• O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
• O20 - Winlogon Notify: tuvustt - tuvustt.dll (file missing)
• O21 - SSODL: ServiceCD - {79bf11d5-9b71-4097-b916-a44de24573d0} - C:\WINDOWS\Installer\{79bf11d5-9b71-4097-b916-a44de24573d0}\ServiceCD.dll (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

How is your computer running now?
Please post another HJT log after you do the above.
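The selection SuperDave made above follows a mechanical rule: every O2/O3/O20/O21 load point that HijackThis tags "(file missing)" or "(no file)" is a registry entry whose DLL has already been quarantined, so it can be cleared. The Python below is an added example, not from the thread or from HijackThis, that applies that rule to a constructed cut-down copy of the log and diffs it against a constructed post-fix log to confirm the entries were cleared.

```python
"""Triage helper for HijackThis v2 logs: find orphaned registry load points.

Added example, not part of the thread or of HijackThis. O2/O3/O20/O21 entries
tagged "(file missing)" or "(no file)" point at DLLs that are already gone
(here, quarantined by MBAM), so they are the ones to tick under "Fix checked".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sections that register code for loading: BHOs (O2), IE toolbars (O3),
# Winlogon Notify / AppInit_DLLs (O20), ShellServiceObjectDelayLoad (O21).
LOAD_POINT_SECTIONS = {"O2", "O3", "O20", "O21"}
# HijackThis appends one of these when the registry points at a path not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def raw(self) -> str:
        return f"{self.section} - {self.body}"

    @property
    def file_missing(self) -> bool:
        return self.body.rstrip().endswith(MISSING_MARKERS)


def parse_hjt(log_text: str) -> list[Entry]:
    """Return the R/F/O entries, skipping the header, process list and trailer."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def orphaned_load_points(entries: list[Entry]) -> list[Entry]:
    """Load points whose target file is missing: candidates for 'Fix checked'."""
    return [e for e in entries if e.section in LOAD_POINT_SECTIONS and e.file_missing]


def needs_manual_review(entries: list[Entry]) -> list[Entry]:
    """AppInit_DLLs is loaded into every process that maps user32.dll, and the log
    carries no missing-file marker for it, so it is left to a human, not auto-fixed."""
    return [e for e in entries if e.section == "O20" and e.body.startswith("AppInit_DLLs")]


def fix_list(log_text: str) -> list[str]:
    """Lines to tick in 'Do a system scan only', in log order."""
    return [e.raw for e in orphaned_load_points(parse_hjt(log_text))]


def removed_between(before: str, after: str) -> list[Entry]:
    """Entries in the earlier log that are gone from the later one: confirms the fix took."""
    later = set(parse_hjt(after))
    return [e for e in parse_hjt(before) if e not in later]


# Constructed sample: a cut-down version of the pre-fix HJT log posted in the thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:35 AM, on 10/18/2009

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A8C4B80-A71B-453D-B016-0C1BA8FA13B0} - C:\WINDOWS\system32\ljJYSjGW.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: iSecurity.cpl umqasn.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvustt - tuvustt.dll (file missing)
O21 - SSODL: ServiceCD - {79bf11d5-9b71-4097-b916-a44de24573d0} - C:\WINDOWS\Installer\{79bf11d5-9b71-4097-b916-a44de24573d0}\ServiceCD.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6078 bytes
"""
# Constructed post-fix log: the same machine after 'Fix checked' cleared the orphans.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if not l.endswith(MISSING_MARKERS))
```

Running `fix_list(BEFORE_LOG)` reproduces the five-section pattern of the list above (O2, O3, O20, O21), and `removed_between` on the pre- and post-fix logs is the check the helper performs by asking for a fresh HJT log.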
cking137
« Reply #14 on: October 20, 2009, 11:35:26 PM »

I did as you instructed in HJT; please see the new log file below. The computer seems to be running a little better, but still seems slower than it should be. I'll keep an eye on it over the next couple of days and let you know how it goes.

I'm still unable to install the Microsoft updates that are recommended (service packs, etc.). The computer was purchased from my work and they didn't give me the Windows software. Is there any legal way you know I could get the updates?

Thank you for all your help!
Curtis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:55 PM, on 10/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225251068921
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: iSecurity.cpl umqasn.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5006 bytes
Copyright © 2010 Computer Hope ® All rights reserved.