Computer Hope
Software => Computer viruses and spyware => Topic started by: dianeliz on September 15, 2008, 11:05:45 PM
-
As requested, I'm starting a new topic based on the one called "Getting rid of annoying dialing sound". I don't have anything to add yet. They're supposed to be linked, but I have no idea how to do that. More later, maybe tomorrow.
-
Here is the link to the original topic:
http://www.computerhope.com/forum/index.php/topic,66108.0.html
I think, if I am right, Broni wants you to look here and follow the steps:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Yes, I was already doing that, the malware stuff. Am I supposed to do something with that link you gave me?
Anyway, the scan is now finished, the files (all adware) deleted, and here is the scan log. Thanks in advance for whatever you can make of it! By the way, I still have the dialing sound, so it doesn't seem that the adware was causing it. Ah well... If you have any other ideas, I'd appreciate it.
Oh, this log is too long, over 20,000 characters, so I'll have to do 2 posts...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/15/2008 at 11:15 PM
Application Version : 4.21.1004
Core Rules Database Version : 3568
Trace Rules Database Version: 1556
Scan type : Complete Scan
Total Scan Time : 00:40:08
Memory items scanned : 466
Memory threats detected : 0
Registry items scanned : 4661
Registry threats detected : 58
File items scanned : 57207
File threats detected : 216
Adware.Tracking Cookie
-
Rest of log:
Adware.GAIN/Gator
-
Hi! Well, I didn't get a reply to my scan log, so I'm hoping no news is good news. So, I went ahead to step 4. Here's the log:
Malwarebytes' Anti-Malware 1.28
Database version: 1163
Windows 5.1.2600 Service Pack 2
16-Sep-08 9:34:45 PM
mbam-log-2008-09-16 (21-34-45).txt
Scan type: Quick Scan
Objects scanned: 43663
Time elapsed: 3 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\silc_dll.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\silc.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
Since I've still got the dialing sound, I guess I'll continue on.
-
And here's the 2nd Hijack log. The program has been renamed sniper.exe.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:46 AM, on 17-Sep-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\sabserv.exe
C:\Program Files\Alarm95\Alarm95.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPSMON\UPSMON_Service.Exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://24.248.216.205/exchange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/landingpages/cd.asp?affid=307&lpname=vso&cid=8152&appurl=http://us.mcafee.com/apps/AppCommon/updreg.asp?app=http://us.mcafee.com/apps/vso/en-us/redir.asp?affid=307&installtype=force&lpname=vso&systempopup=true (obfuscated)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPub.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Alarm 95.lnk = C:\Program Files\Alarm95\Alarm95.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.agentware.net
O15 - Trusted Zone: *.jacquielawson.com
O15 - Trusted Zone: *.sabre.com
O15 - Trusted Zone: *.vacationstudio.net
O15 - Trusted Zone: *.virtuallythere.com
O16 - DPF: {03A89EFD-E023-7700-A22D-45F77558EB4C} (ILINCInstall77 Class) - http://learnlinc.sabre.com/download/ilinci77.dll
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://tnz.webex.com/client/T25L/training/ieatgpc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Unknown owner - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe
--
End of file - 9706 bytes
By the way, the one thing I didn't do is update my Java because Sabre, a program I need for my home business, requires a certain version of Java, and if I changed it, I'd then need to call Sabre to have them help me put back whichever version I need. However, if you really think that Java is causing my dialing sound, I guess I'll have to live with it until Sabre updates to the next level of Java.
Thanks!
-
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://24.248.216.205/exchange/
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis and restart the computer to register the changes made by HijackThis.
----------
Run the Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
(http://i154.photobucket.com/albums/s258/evilfantasy69/Kas-Savetxt.gif)
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
-
Not much here:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, September 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 17, 2008 22:24:55
Records in database: 1246444
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Files scanned: 53421
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:48:24
No malware has been detected. The scan area is clean.
The selected area was scanned.
-
Whatever is going on I'm pretty sure it isn't malware.
-
Um, yep! :D
I sure was hoping someone else had encountered this annoying dialing sound as well.
-
You might try posting in the Windows forum to see if someone there knows what it is.