On Wednesday I got the Antivirus Pro 2009 virus, then I got rid of that and I am still having lots of problems.
I found out I had something to do with shopping report virus and I think I have gotten most of that off my computer.
Now I still am getting the google redirect thing. I have disabled all of the add-ons that I didn't know, but still have problems and came across this website when I was trying to figure out what to do for this.
I can't open half of the websites I try to open and I have Spy Sweeper, and I tried to update it and after it installed the updated version, I went to open it and it gives me a blue screen and I have to shut my computer off. I downloaded the Spy Doctor scan since I can't get my Spy Sweeper to work and it keeps telling me I have this cookie that is called 2o7.net/ 2o7.net and I can find it in the search in my cookies and delete it but it keeps showing up.
Also, I can't defragment my hard drive, it comes up with an error when I try to do it.
Can anyone help me?

I went ahead and googled the 207.net cookie that you have and received numerous hits! One link said it would tell you how to remove the cookie and also stop it from returning. Here is the web site where you can go and read the instructions! http://www.bleepingcomputer.com/forums/lofiversion/index.php/t68174.html If you do not like their way of dealing with this problem, as I stated, I received numerous hits on Google. Google 207.net yourself and look at the different options!
Good luck, Nick

Please download Malwarebytes' Anti-Malware from one of these sites:
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Nick R - I am not able to open up websites from google. I can get some to open up by pasting them in the address bar, however http://www.bleepingcomputer.com/for... did not work for me. I tried to google 2o7.net, but I couldn't get anything to open up for me.
jabuck - I was unable to start Malwarebytes. I downloaded it from download.com because the 2 sites you gave me wouldn't open on my computer. I got through the setup but when I open the program it shows up in my task manager but nothing happens. I did get hijackthis to work, here is the log from it:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:34 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.as...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_c...
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySp...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/insta...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (file missing)
--
End of file - 5520 bytes

If setup ran, navigate to:
C:\program Files\Malwarebytes Antispyware
Rename mbam.exe to anne.exe then try to run it again.
If it still will not run, rename all the .exe files in the C:\program Files\Malwarebytes Antispyware folder and see if it will run then.

I was unable to update the Malwarebytes before I ran it. It said I had to set my firewall to allow it to connect to the internet and I went to do that and it gave me an error saying it cannot add it to the exceptions. However, I was able to run w/out updating it by just changing the mbam.exe file and it seems like things are starting to work again :)
Is there anything else I need to do?
I thank you so much for helping me!!! I really hope this never happens, I was going crazy the last couple of days I am so glad I was able to get to this site and get help :) Thanks!!

i see you already received some helpful advice, but i think mine can be helpful too.
there's certainly some kind of malware blocking your security tools. there's not much you can do with disabled or outdated anti-spyware, so i suggest you look for manual removals. first of all you should make sure that AntivirusPro2009 is gone. here's AntivirusPro2009 removal; it contains file names of everything installed by antivirus pro. search for these files on your computer, and delete those if they are still there.
tc;

I don't see an antivirus running; you need to get one before we continue. I use the free version of AVG antivirus, you can download it at this link:
AVG Free Antivirus
Update it once you get it installed.
Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 10 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
Once you install an antivirus program and update your java, let us know and we will continue. There is more work to do yet.
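The two observations in the reply above (security services that are not running, and an out-of-date Java) can be read off a HijackThis log mechanically. The following Python is an added example, not part of the original thread and not HijackThis's own code: the function names are hypothetical, the sample lines are copied from the HijackThis log posted earlier in this thread, and the minimum Java version (6 Update 10) is the one named in the reply.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (file missing)
"""

# A HijackThis entry starts with a section code (R1, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Java install folders look like \jre1.6.0_03\ (major 6, update 3).
JRE_RE = re.compile(r"\\jre1\.(\d+)\.0(?:_(\d+))?\\", re.IGNORECASE)
# HijackThis marks entries whose target no longer exists on disk.
MISSING_RE = re.compile(r"\((file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def missing_targets(entries):
    """Entries that point at a file that is gone, e.g. a security service
    that is still registered but whose executable has been removed."""
    return [(code, body) for code, body in entries if MISSING_RE.search(body)]


def jre_versions(entries):
    """Distinct (major, update) Java versions referenced by any entry path."""
    found = set()
    for _, body in entries:
        for major, update in JRE_RE.findall(body):
            found.add((int(major), int(update or 0)))
    return sorted(found)


def outdated_jres(entries, minimum=(6, 10)):
    """Java versions older than `minimum` (default: 6 Update 10, per the reply)."""
    return [v for v in jre_versions(entries) if v < minimum]


def triage(log_text):
    """Collect both findings in one report dictionary."""
    entries = parse_entries(log_text)
    return {
        "entries": len(entries),
        "missing": missing_targets(entries),
        "outdated_java": outdated_jres(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, body in report["missing"]:
        print("missing target:", code, body)
    for major, update in report["outdated_java"]:
        print("outdated Java: %d Update %d" % (major, update))
```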

I have the antivirus with SpySweeper, which I was unable to get to start working until I used the Malwarebytes. I have it on and running now.
I updated my Java to 6 update 10.
What do I do now?

We have a little work to do yet.
Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

[b]SDFix: Version 1.240 [/b]
Run by user on Wed 11/19/2008 at 04:00 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
TDSSserv.sys
[b]Path [/b]:
\systemroot\system32\drivers\TDSSpjkc.sys
TDSSserv.sys - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\TASKKILL.exe - Deleted
C:\Program Files\Common Files\ogorolugaq._sy - Deleted
C:\Program Files\Common Files\zegesecome._sy - Deleted
C:\Program Files\Common Files\cuve.scr - Deleted
C:\WINDOWS\system32\drivers\TDSSpjkc.sys - Deleted
C:\WINDOWS\system32\TDSSvfgx.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSVFGX.dat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 04:23:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance]
"Last Counter"=dword:000017e6
"Last Help"=dword:000017e7
"Object List"="6114"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpjkc.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpjkc.sys"
"TDSSl"="\systemroot\system32\TDSSetni.dll"
"tdssservers"="\systemroot\system32\TDSSvfgx.dat"
"tdssmain"="\systemroot\system32\TDSSarlu.dll"
"tdsslog"="\systemroot\system32\TDSSdnqi.dll"
"tdssadw"="\systemroot\system32\TDSScnea.dll"
"tdssinit"="\systemroot\system32\TDSShacc.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSStyhc.dll"
"tdsserrors"="\systemroot\system32\TDSSfhte.log"
"TDSSproc"="\systemroot\system32\TDSShfog.log"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"C:\\Program Files\\Game of Life\\TheGameOfLife.exe"="C:\\Program Files\\Game of Life\\TheGameOfLife.exe:*:Disabled:The Game Of Life"
"C:\\Program Files\\Bearshare\\BearShare.exe"="C:\\Program Files\\Bearshare\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\LMI8B.tmp\\rescue.exe"="C:\\WINDOWS\\LMI8B.tmp\\rescue.exe:*:Enabled:rescue"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Ares Destiny\\AresDestiny.exe"="C:\\Program Files\\Ares Destiny\\AresDestiny.exe:*:Enabled:Ares Destiny"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\Program Files\\Spyware Doctor\\pctsGui.exe"="C:\\Program Files\\Spyware Doctor\\pctsGui.exe:*:Enabled:Spyware Doctor"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 22 Sep 2008 2,528,584 ...H. --- "C:\Program Files\Cinema Tycoon 2 - Movie Mania\CinemaTycoon2MovieMania.exe"
Sun 13 Apr 2008 1,695,232 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 10 Jan 2008 1,361,224 ...H. --- "C:\Program Files\Newspaper Puzzle Challenge - Sudoku Edition\Newspaper Puzzle Challenge - Sudoku Edition.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 18 Aug 2008 1,799,496 ...H. --- "C:\Program Files\Road to Riches\Road To Riches.exe"
Tue 2 Sep 2008 1,119,560 ...H. --- "C:\Program Files\Sunshine Acres\SunshineAcres.exe"
Sun 13 Apr 2008 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 18 Oct 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Tue 4 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 16 Nov 2005 365 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti70.tmp"
Fri 23 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 29 Jun 2006 1,403 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Fri 25 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\BIT4.tmp"
[b]Finished![/b]

Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
In your case to run Combofix do the following:
1. Go offline, turn off your WebRoot antivirus, SpySweeper, Spyware Doctor and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

I went to the bleepingcomputer link and it says I need to download the microsoft recovery tool because I don't have my Windows CD and I did that, then it says to drag the icon to the combo fix one and when I do that it just prompts me to run the combofix.exe, not that it is installing the recovery console. What should I do?

Some helpers insist that you install that tool, but for now we don't. So just answer no to the request and continue with the scan, for the directions exactly.

ComboFix 08-11-19.08 - user 2008-11-20 20:05:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.237 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://www.graboid.com
.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.
2008-11-20 00:26 . 2008-11-20 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2008-11-19 22:32 . 2008-11-19 22:32 <DIR> d-------- C:\Graboid
2008-11-19 22:31 . 2008-11-19 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2008-11-19 22:30 . 2008-11-19 22:31 <DIR> d-------- c:\documents and settings\user\Application Data\MozillaControl
2008-11-19 22:26 . 2008-11-20 14:17 <DIR> d-------- c:\program files\Graboid
2008-11-19 03:58 . 2008-11-19 03:58 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-11-19 03:54 . 2008-11-19 03:55 <DIR> d-------- c:\windows\ERUNT
2008-11-19 03:39 . 2008-11-19 04:30 <DIR> d-------- C:\SDFix
2008-11-18 16:44 . 2008-11-18 16:49 <DIR> d-------- c:\program files\Ares
2008-11-18 03:46 . 2008-11-18 03:46 <DIR> d-------- c:\program files\Sun
2008-11-18 03:46 . 2008-11-18 03:45 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-18 03:46 . 2008-11-18 03:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-17 09:13 . 2008-11-17 09:13 <DIR> d--hs---- c:\documents and settings\user\PrivacIE
2008-11-17 08:47 . 2008-11-17 08:48 <DIR> d--h-c--- c:\windows\ie8
2008-11-17 07:52 . 2008-11-17 07:52 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-17 07:41 . 2008-11-17 07:41 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-17 04:24 . 2008-11-17 04:24 <DIR> d-------- c:\windows\system32\scripting
2008-11-17 04:23 . 2008-11-17 04:23 <DIR> d-------- c:\windows\system32\en
2008-11-17 04:23 . 2008-11-17 04:23 <DIR> d-------- c:\windows\l2schemas
2008-11-17 04:17 . 2008-11-17 04:25 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-17 04:11 . 2008-11-17 07:42 1,393 --a------ c:\windows\imsins.BAK
2008-11-17 04:08 . 2008-11-17 04:08 <DIR> d-------- c:\windows\EHome
2008-11-17 04:01 . 2008-04-13 17:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2008-11-17 04:00 . 2008-04-13 17:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-11-17 03:59 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-11-17 03:58 . 2008-04-13 17:11 870,784 --------- c:\windows\system32\ati3d1ag.dll
2008-11-17 03:47 . 2008-09-08 03:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-11-17 03:32 . 2008-08-14 03:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-17 03:32 . 2008-08-14 03:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-17 03:32 . 2008-08-14 02:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-17 03:32 . 2008-08-14 02:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-17 03:32 . 2008-09-15 05:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-17 03:32 . 2008-10-24 04:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-17 03:32 . 2008-10-15 09:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-11-17 03:31 . 2008-09-04 10:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-16 14:57 . 2008-11-16 14:57 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2008-11-16 12:56 . 2008-11-16 14:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 12:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-16 12:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-16 12:33 . 2008-11-16 12:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 22:24 . 2008-11-13 22:24 <DIR> d-------- C:\03c3316f0780e1a1293b1b76
2008-11-13 21:23 . 2008-11-13 21:23 <DIR> d-------- C:\7b4c139244f910d845984247
2008-11-13 11:22 . 2008-11-13 11:22 <DIR> d-------- c:\program files\Webroot
2008-11-13 11:22 . 2008-11-13 11:22 <DIR> d-------- c:\documents and settings\user\Application Data\Webroot
2008-11-13 11:22 . 2008-11-17 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-11-13 11:22 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-11-13 07:51 . 2008-11-13 07:51 43,248 --a------ c:\windows\system32\OEMINFO.PNF
2008-11-13 02:29 . 2008-11-17 04:23 <DIR> d-------- c:\windows\system32\bits
2008-11-13 02:29 . 2008-04-13 17:11 7,168 --------- c:\windows\system32\bitsprx4.dll
2008-11-13 01:30 . 2005-05-11 21:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-11-13 01:30 . 2005-05-11 21:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-13 01:30 . 2008-11-13 01:30 <DIR> d-------- c:\documents and settings\Administrator
2008-11-13 00:53 . 2008-11-18 03:38 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-12 22:55 . 2008-11-12 22:55 <DIR> d-------- c:\program files\CCleaner
2008-11-12 18:49 . 2008-11-12 18:49 13,193 --a------ c:\windows\system32\ozavuzupys.lib
2008-11-12 18:49 . 2008-11-12 18:49 10,661 --a------ c:\windows\system32\acade.sys
2008-10-22 13:46 . 2008-10-22 13:46 <DIR> d-------- c:\documents and settings\user\Application Data\ErrorEasy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 05:13 --------- d-----w c:\documents and settings\user\Application Data\Move Networks
2008-11-20 05:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-18 10:45 --------- d-----w c:\program files\Java
2008-11-17 18:08 164 ----a-w C:\install.dat
2008-11-17 16:24 --------- d-----w c:\program files\MSN Messenger
2008-11-16 10:04 --------- d-----w c:\program files\Trend Micro
2008-11-16 05:44 --------- d-----w c:\documents and settings\user\Application Data\PlayFirst
2008-11-16 05:44 --------- d-----w c:\documents and settings\user\Application Data\iWin
2008-11-16 05:44 --------- d-----w c:\documents and settings\user\Application Data\Alawar
2008-11-16 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-16 05:44 --------- d-----w c:\documents and settings\All Users\Application Data\iWin
2008-11-13 08:57 --------- d-----w c:\program files\hp
2008-11-13 04:43 --------- d-----w c:\documents and settings\user\Application Data\Skype
2008-11-12 23:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 23:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 23:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 04:45 4,718 -c--a-w c:\documents and settings\user\Application Data\wklnhst.dat
2008-10-06 05:14 --------- d-----w c:\documents and settings\user\Application Data\Home Sweet Home 2
2008-10-05 03:34 --------- d-----w c:\documents and settings\user\Application Data\Oberon Games
2008-10-05 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Games
2008-10-02 05:45 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-02 04:45 --------- d-----w c:\documents and settings\user\Application Data\Realore_DressUpRush
2008-10-01 04:42 --------- d-----w c:\documents and settings\user\Application Data\BFG_JanesRealty
2008-10-01 04:40 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-10-01 04:32 --------- d-----w c:\program files\Sunshine Acres
2008-10-01 04:28 --------- d-----w c:\program files\Cinema Tycoon 2 - Movie Mania
2008-09-30 23:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 08:31 520,192 ----a-w c:\windows\system32\home box office.scr
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
2008-08-25 08:38 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-08-22 10:16 637,984 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-22 10:10 11,985,408 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-08-22 10:09 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-22 10:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 10:08 878,592 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-08-22 10:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 10:08 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2008-08-22 10:08 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2008-08-22 10:08 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-08-22 10:07 755,200 ----a-w c:\windows\system32\dllcache\VGX.dll
2008-08-22 10:07 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-08-22 10:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 10:07 18,944 ------w c:\windows\system32\dllcache\corpol.dll
2008-08-22 10:07 116,224 ----a-w c:\windows\system32\dllcache\occache.dll
2008-08-22 10:07 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2008-08-22 10:05 70,656 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-08-22 10:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 10:04 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-08-22 10:00 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2008-08-22 09:57 156,160 ----a-w c:\windows\system32\msls31.dll
2008-08-22 09:57 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2008-08-22 09:42 443,392 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2007-04-04 01:45 321 -c--a-w c:\documents and settings\user\Application Data\bbbconfig.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 20:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 13:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 09:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyBackgoundBanking]
--a------ 2008-02-19 08:05 53264 c:\program files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 05:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 05:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"LightScribeService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AresChatServer"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\LMI8B.tmp\\rescue.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\anne.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-10-02 29808]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-11-17 1086840]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 vrskbdft;vrskbdft;c:\windows\system32\drivers\vrskbdft.sys [2005-12-10 5504]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c686660-3b87-11dc-ad49-0014a519fc99}]
\Shell\AutoRun\command - tsystemanalyzer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e412aac-b3da-11dc-adc2-0014a519fc99}]
\Shell\AutoRun\command - E:\LaunchU3.exe
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-20 c:\windows\Tasks\ErrorEasy Scheduled Scan.job
- c:\program files\ErrorEasy\ErrorEasy.exe []
2008-11-20 c:\windows\Tasks\ErrorEasy Scheduled Scan.job
- c:\program files\ErrorEasy []
2008-11-21 c:\windows\Tasks\User_Feed_Synchronization-{CDF6C4AB-1449-4641-AC6A-D00E8107575A}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
2008-11-20 c:\windows\Tasks\wrSpySweeper_L81315FADBEA0428ABBEB09BAE8A592C3.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]
2008-11-20 c:\windows\Tasks\wrSpySweeper_L81315FADBEA0428ABBEB09BAE8A592C3.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]
2008-11-20 c:\windows\Tasks\wrSpySweeper_L81315FADBEA0428ABBEB09BAE8A592C3.job
- c:\","d:\" []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-OneCareMP
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Antivirus\pccguide.exe
MSConfigStartUp-PCClient - c:\program files\Trend Micro\Antivirus\PCClient.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-TM Outbreak Agent - c:\program files\Trend Micro\Antivirus\TMOAgent.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\prsu2jmj.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.myspace.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 20:10:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-20 20:13:55
ComboFix-quarantined-files.txt 2008-11-21 03:13:17
Pre-Run: 49,868,275,712 bytes free
Post-Run: 49,861,312,512 bytes free
265 --- E O F --- 2008-11-17 17:59:20

Looks better.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Please run Eset's online scanner from this link:
1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3629 (20081121)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=51ec967ab791514e9c406bf3d4e8f5f4
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-21 06:47:14
# local_time=2008-11-20 11:47:14 (-0700, Mountain Standard Time (Mexico))
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=474250
# found=0
# scan_time=6936

Well, it is much better! It's still a little slow at times. I am thinking it might be the new version of Internet Explorer that I downloaded. It just gets slow sometimes. When I have IE open even just 1 window it will show multiple processes of it in the Task Manager, do you think that has anything to do with the virus?
Other than that it seems to be working like normal. I can't believe it!! I am so happy :) Thank you so much for helping me. I really appreciate it.
Do I need to run other programs than my Spy Sweeper to keep my computer protected? I have the Anti Spyware and AntiVirus through that, do I need to use the other programs as well like Spy Doctor or anything else? I just don't want this to happen again.

Probably is the new Internet Explorer, you can uninstall it from add/remove programs.
Use only one antivirus, and usually one antispyware program is enough... they must be kept up to date.
Glad we could help.
