no more sinowal

Name: ishb
Date: December 5, 2008 at 21:35:37 Pacific
OS: windows xp
CPU/Ram: intel
Product: Microsoft / DELL
Comment:

I started getting alerts that my comp has been affected by sinowal. While I was downloading multiple antivirus programs in a failed attempt to delete it, I came across this website and some sinowal-free happy people. I am currently running in safe mode and did the following as per previous posts - ran mbam and hijack this. However, I am still getting sinowal messages. Log for mbam is below:

Malwarebytes' Anti-Malware 1.31
Database version: 1466
Windows 5.1.2600 Service Pack 2

12/5/2008 11:14:31 PM
mbam-log-2008-12-05 (23-14-31).txt

Scan type: Quick Scan
Objects scanned: 63648
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSppxgddoi.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSvmposvyc.dll (Rootkit.Agent) -> Quarantined and deleted successfully.



Response Number 1
Name: jabuck
Date: December 5, 2008 at 21:44:01 Pacific
Reply:

You have multiple infections.

Once you get SDFix downloaded go offline and turn off your antivirus and any antispyware that you have, run SDFix from safe mode and restart the Antivirus before you get back on line to post the log.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

Post a new Hijack This log once you have run SDFix.


Response Number 2
Name: ishb
Date: December 6, 2008 at 08:32:03 Pacific
Reply:

Here is the log for sdfix:


[b]System Report[/b]
*************

Run on Sat 12/06/2008 at 10:23 AM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

[b]Running Processes[/b]:

\SystemRoot\System32\smss.exe [468]
\??\C:\WINDOWS\system32\csrss.exe [800]
\??\C:\WINDOWS\system32\winlogon.exe [824]
C:\WINDOWS\system32\services.exe [868]
C:\WINDOWS\system32\lsass.exe [880]
C:\WINDOWS\system32\svchost.exe [1024]
C:\WINDOWS\system32\svchost.exe [1104]
C:\WINDOWS\system32\svchost.exe [1248]
C:\WINDOWS\system32\svchost.exe [1272]
C:\WINDOWS\system32\svchost.exe [1320]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1536]
C:\WINDOWS\Explorer.exe [1804]


[b]Drivers - Running[/b]:

ACPI
AFD
atapi
b57w2k
Beep
Cdfs
Cdrom
Compbatt
Disk
DLACDBHM
DLARTL_M
DRVMCDB
FltMgr
Ftdisk
GEARAspiWDM
Gpc
HDAudBus
i8042prt
iastor
Imapi
IpNat
IPSec
isapnp
Kbdclass
KSecDD
Mouclass
MountMgr
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
NETw4x32
Npfs
Ntfs
Null
ohci1394
PartMgr
PCI
PCIIde
Pcmcia
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
sr
Srv
swenum
Tcpip
TermDD
Update
usbehci
usbhub
usbuhci
VgaSave
VolSnap
WmiAcpi


[b]Drivers - Stopped[/b]:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
AegisP
Aha154x
aic78u2
aic78xx
AliIde
amsint
Arp1394
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
audstub
catchme
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
cercsr6
Changer
CmBatt
CmdIde
Cpqarray
dac960nt
DLABMFSM
DLABOIOM
DLADResM
DLAIFS_M
DLAOPIOM
DLAPoolM
DLAUDFAM
DLAUDF_M
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
DRVNDDM
eeCtrl
EraserUtilDrvI7
Fastfat
Fdc
Fips
Flpydisk
guardian2
HidUsb
hpn
HSFHWAZL
HSF_DPV
HTTP
i2omgmt
i2omp
ialm
ini910u
IntelIde
intelppm
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
mdmxsdk
mnmdd
Modem
mouhid
mraid35x
MRxDAV
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NAVENG
NAVEX15
NdisIP
NDISKIO
NIC1394
NwlnkFlt
NwlnkFwd
Parport
ParVdm
PCIDump
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
s24trans
SAVRT
SAVRTPEL
Secdrv
serenum
Serial
Sfloppy
Simbad
SLIP
SONYPVU1
Sparrow
SPBBCDrv
splitter
STHDA
streamip
swmidi
symc810
symc8xx
SymEvent
SYMREDRV
SYMTDI
sym_hi
sym_u3
sysaudio
TDPIPE
TDTCP
TosIde
Udfs
UIUSys
ultra
UnhookMBRS
usbaudio
usbccgp
usbprint
USBSTOR
ViaIde
VX3000
Wanarp
WDICA
wdmaud
winachsf
WSTCODEC
WudfPf
WudfRd
X4HSX32


[b]Services - Running[/b]:

aawservice
CryptSvc
DcomLaunch
Dhcp
Dnscache
Eventlog
helpsvc
lanmanserver
lanmanworkstation
LmHosts
Netman
PlugPlay
RpcSs
SharedAccess
srservice
TermService
winmgmt
WZCSVC


[b]Services - Stopped[/b]:

Alerter
ALG
Apple
AppMgmt
aspnet_state
AudioSrv
BITS
Browser
ccEvtMgr
ccPwdSvc
ccSetMgr
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
DefWatch
dmadmin
dmserver
ERSvc
EventSystem
EvtEng
FastUserSwitchingCompatibility
FontCache3.0.0.0
gusvc
HidServ
HTTPFilter
idsvc
ImapiService
iPod
MDM
Messenger
mnmsrvc
MSCamSvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NetTcpPortSharing
Nla
NtLmSsp
NtmsSvc
ose
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RegSrvc
RemoteAccess
RemoteRegistry
RpcLocator
RSVP
S24EventMonitor
SamSs
SavRoam
SCardSvr
Schedule
seclogon
SENS
ShellHWDetection
SNDSrvc
SPBBCSvc
Spooler
SSDPSRV
STacSV
stisvc
stllssvr
SwPrv
Symantec
SysmonLog
TapiSrv
Themes
TlntSvr
TrkWks
upnphost
UPS
usnjsvc
Viewpoint
VSS
W32Time
WebClient
WLANKEEPER
WLSetupSvc
WmdmPmSN
Wmi
WmiApSrv
WMPNetworkSvc
wscsvc
wuauserv
WudfSvc
xmlprov


[b]Files Created/Modified - 60 Days[/b]:


C:\

Dec 6 2008 10:20:24a 2,145,386,496 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

Dec 6 2008 10:20:30a 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Dec 5 2008 6:27:36p 64 A.S.. "C:\WINDOWS\CSC\csc1.tmp"
Oct 16 2008 2:09:44p 92,696 A.... "C:\WINDOWS\system32\cdm.dll"
Oct 17 2008 10:28:44p 262,232 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Nov 3 2008 6:10:26p 17,318,336 A.... "C:\WINDOWS\system32\MRT.exe"
Oct 16 2008 2:06:48p 268,648 A.... "C:\WINDOWS\system32\mucltui.dll"
Oct 16 2008 2:06:48p 208,744 A.... "C:\WINDOWS\system32\muweb.dll"
Oct 15 2008 10:57:56a 332,800 A.... "C:\WINDOWS\system32\netapi32.dll"
Dec 6 2008 8:45:10a 71,308 A.... "C:\WINDOWS\system32\perfc009.dat"
Dec 6 2008 8:45:10a 441,624 A.... "C:\WINDOWS\system32\perfh009.dat"
Oct 16 2008 2:12:20p 561,688 A.... "C:\WINDOWS\system32\wuapi.dll"
Oct 16 2008 2:09:44p 51,224 A.... "C:\WINDOWS\system32\wuauclt.exe"
Oct 16 2008 2:13:40p 1,809,944 A.... "C:\WINDOWS\system32\wuaueng.dll"
Oct 16 2008 2:12:22p 323,608 A.... "C:\WINDOWS\system32\wucltui.dll"
Oct 16 2008 2:08:58p 34,328 A.... "C:\WINDOWS\system32\wups.dll"
Oct 16 2008 2:09:44p 43,544 A.... "C:\WINDOWS\system32\wups2.dll"
Oct 16 2008 2:13:40p 202,776 A.... "C:\WINDOWS\system32\wuweb.dll"
Dec 6 2008 10:19:24a 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Dec 1 2008 5:00:20p 127 A.... "C:\WINDOWS\Temp\D653F3EC.TMP"
Dec 6 2008 10:19:52a 0 A.... "C:\WINDOWS\Temp\scs3.tmp"
Dec 6 2008 10:22:36a 0 A.... "C:\WINDOWS\Temp\scs5.tmp"
Oct 24 2008 5:10:42a 453,632 ..... "C:\WINDOWS\Driver Cache\i386\mrxsmb.sys"
Oct 16 2008 2:09:44p 92,696 A.... "C:\WINDOWS\system32\dllcache\cdm.dll"
Oct 24 2008 5:10:42a 453,632 ..... "C:\WINDOWS\system32\dllcache\mrxsmb.sys"
Oct 15 2008 10:57:56a 332,800 A.... "C:\WINDOWS\system32\dllcache\netapi32.dll"
Oct 16 2008 2:12:20p 561,688 A.... "C:\WINDOWS\system32\dllcache\wuapi.dll"
Oct 16 2008 2:09:44p 51,224 A.... "C:\WINDOWS\system32\dllcache\wuauclt.exe"
Oct 16 2008 2:13:40p 1,809,944 A.... "C:\WINDOWS\system32\dllcache\wuaueng.dll"
Oct 16 2008 2:12:22p 323,608 A.... "C:\WINDOWS\system32\dllcache\wucltui.dll"
Oct 16 2008 2:08:58p 34,328 A.... "C:\WINDOWS\system32\dllcache\wups.dll"
Oct 16 2008 2:13:40p 202,776 A.... "C:\WINDOWS\system32\dllcache\wuweb.dll"
Dec 3 2008 7:54:04p 15,504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
Dec 3 2008 7:54:08p 38,496 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
Oct 24 2008 5:10:42a 453,632 A.... "C:\WINDOWS\system32\drivers\mrxsmb.sys"
Dec 5 2008 4:42:30p 32,768 A.SH. "C:\WINDOWS\Temp\Cookies\index.dat"
Dec 5 2008 4:42:30p 32,768 A.SH. "C:\WINDOWS\Temp\History\History.IE5\index.dat"
Dec 5 2008 4:42:30p 81,920 A.SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat"


C:\Program Files\

Dec 3 2008 7:54:04p 380,048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
Dec 3 2008 7:54:02p 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
Dec 3 2008 7:54:04p 1,265,296 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Dec 3 2008 7:54:06p 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
Dec 3 2008 7:54:06p 399,504 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
Dec 3 2008 7:54:06p 170,640 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
Dec 3 2008 7:54:06p 44,688 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
Dec 5 2008 11:02:34p 8,408 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
Dec 5 2008 11:02:08p 688,784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Dec 3 2008 7:54:08p 77,968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
Dec 6 2008 10:19:36a 3,220 A.... "C:\Program Files\Symantec AntiVirus\savrt.dat"
Dec 6 2008 10:19:36a 76 A.... "C:\Program Files\Symantec AntiVirus\SRTSEXCL.DAT"
Oct 6 2008 9:52:34a 3,610,424 A.... "C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT"
Oct 14 2008 9:33:30p 95,600 A.... "C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll"
Dec 6 2008 9:52:28a 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
Dec 6 2008 10:19:50a 0 A.... "C:\Program Files\Symantec AntiVirus\SAVRT\0762NAV~.TMP"
Oct 6 2008 9:41:28a 793,712 A.... "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
Oct 21 2008 9:59:12a 1,293,424 A.... "C:\Program Files\The Weather Channel FW\Desktop\Setup.dll"
Dec 5 2008 7:20:20p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Dec 6 2008 10:05:46a 91 A.... "C:\Program Files\Yahoo!\Messenger\ystats_A.dat"
Dec 6 2008 10:05:46a 28 A.... "C:\Program Files\Yahoo!\Messenger\ystats_B.dat"
Oct 15 2008 12:42:46a 13,219,184 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll"
Oct 15 2008 12:35:48a 4,906,496 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll"
Oct 15 2008 12:33:28a 2,281,472 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\CoolType.dll"
Oct 14 2008 9:37:10p 66,944 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\PDFPrevHndlrShim.exe"
Oct 15 2008 1:04:34a 39,792 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
Oct 14 2008 8:55:56p 1,945,600 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\rt3d.dll"
Dec 3 2008 5:26:16p 1,210 A.... "C:\Program Files\Yahoo!\Messenger\Cache\BZSRpRqqECvSvwsDyDqLYA--.Display.dat"
Dec 5 2008 9:36:14p 127 A.... "C:\Program Files\Yahoo!\Messenger\Cache\BZSRpRqqECvSvwsDyDqLYA--.ProfileMap.dat"
Dec 6 2008 10:01:40a 1,430 A.... "C:\Program Files\Yahoo!\Messenger\Cache\hf4SbH1.mbmy5QSRa8aJvg--.Display.dat"
Dec 6 2008 9:51:14a 0 A.... "C:\Program Files\Yahoo!\Messenger\Cache\hf4SbH1.mbmy5QSRa8aJvg--.ProfileMap.dat.tmp"
Oct 14 2008 9:33:30p 95,600 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\AIR\nppdf32.dll"
Oct 14 2008 9:33:30p 95,600 A.... "C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll"
Oct 14 2008 9:29:50p 632,168 A.... "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll"
Nov 26 2008 10:15:06a 820 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\suman3006\iconindex.dat"
Dec 6 2008 10:01:20a 891 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\suman3006\Archive\Messages\ganpat.bansal\20081206-suman3006.dat"


[b]Files with hidden attributes[/b]:

Mon 18 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 22 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 21 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f0716f9e2f02629b56861c4c14d7f531\BIT15.tmp"
Sun 21 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT16.tmp"


[b]Program Folders[/b]:

C:\Program Files\

activePDF
Adobe
Advanced Spyware Remover
AIM6
Apple Software Update
AVG
BitTorrent
Broadcom
Canon
Common Files
ComPlus Applications
CONEXANT
CyberLink
Dealio
Dell
Disney
DivX
DNA
Flickr Uploadr
GameTap
Google
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
Java
Lavasoft
LimeWire
Malwarebytes' Anti-Malware
Messenger
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft LifeCam
Microsoft Office
Microsoft Silverlight
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
New Folder
O2Micro OZ776 SCR Driver
Online Services
Outlook Express
Picasa2
QuickTime
Real
Reference Assemblies
Roxio
Shutterfly
SigmaTel
Skype
Symantec
Symantec AntiVirus
The Weather Channel FW
Trend Micro
Uninstall Information
Viewpoint
Windows Live
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Yahoo!

C:\Program Files\Common Files\

Adobe
AOL
Apple
DESIGNER
InstallShield
Java
L&H
Microsoft Shared
MSSoap
ODBC
Real
Roxio Shared
Services
Skype
Sonic Shared
SpeechEngines
SureThing Shared
SWF Studio
Symantec Shared
System
WindowsLiveInstaller
Wise Installation Wizard
xing shared


[b]Add/Remove Programs[/b]:

Adobe Flash Player ActiveX
AIM 6
Canon iP1600
Conexant HDA D330 MDC V.92 Modem
Canon Utilities Easy-PhotoPrint
Flickr Uploadr 3.0.5
Intel(R) Graphics Media Accelerator Driver
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
OZ776 SCR Driver V1.1.3.9
High Definition Audio Driver Package - KB835221
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Hotfix for Windows XP (KB908673)
Microsoft Base Smart Card Cryptographic Service Provider Package
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914642)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Update for Windows XP (KB920342)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Hotfix for Windows XP (KB934428-v2)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB937894)
Hotfix for Windows XP (KB937930)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946501-v2)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
LimeWire 4.16.6
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Picasa 2
PrimoPDF
Intel(R) PROSet/Wireless Software
RealPlayer
Shutterfly Plugin
The Weather Channel Desktop 6
Viewpoint Media Player
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Install Manager
Apple Software Update
Roxio Creator Tools
mSSO
Roxio Creator Data
mLogView
Security Update for CAPICOM (KB931906)
QuickTime
MSXML 6 Service Pack 2 (KB954459)
mProSafe
PowerDVD
Microsoft .NET Framework 3.0 Service Pack 1
Roxio Drag-to-Disc
Roxio Update Manager
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
OZ776 SCR Driver V1.1.3.9
Sonic Activation Module
mIWA
Dell Resource CD
Apple Mobile Device Support
mHlpDell
Windows Live Messenger
iTunes
Symantec AntiVirus
Skype™ 3.6
Roxio Creator Copy
mWMI
Roxio Express Labeler
GameTap
Microsoft Visual C++ 2005 Redistributable
mSCfg
Roxio Creator Audio
MSXML 4.0 SP2 (KB954430)
Microsoft Silverlight
mPfMgr
Microsoft LifeCam
Microsoft Office Professional Edition 2003
Compatibility Pack for the 2007 Office system
mPfWiz
mZConfig
mDriver
SigmaTel Audio
Windows Live installer
Adobe Reader 8.1.3
Chinese Simplified Fonts Support For Adobe Reader 8
Spelling Dictionaries Support For Adobe Reader 8
Windows Live Sign-in Assistant
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Windows Presentation Foundation
MSXML 4.0 SP2 (KB936181)
Roxio Creator DE
Microsoft .NET Framework 1.1
DivX Content Uploader
Broadcom Gigabit Integrated Controller
Ad-Aware 2007
mCore
mMHouse
mDrWiFi
mWlsSafe
Adobe Digital Editions
BitTorrent
DNA


[b]Run Values[/b]:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"PDVDDXSrv"="\"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SigmatelSysTrayApp"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,53,00,69,00,67,00,6d,00,61,00,54,00,\
65,00,6c,00,5c,00,43,00,2d,00,4d,00,61,00,6a,00,6f,00,72,00,20,00,41,00,75,\
00,64,00,69,00,6f,00,5c,00,57,00,44,00,4d,00,5c,00,73,00,74,00,73,00,79,00,\
73,00,74,00,72,00,61,00,2e,00,65,00,78,00,65,00,00,00
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"VX3000"="C:\\WINDOWS\\vVX3000.exe"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SDFix"="C:\\SDFix\\RunThis.bat /second"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Aim6"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DW6"="\"C:\\Program Files\\The Weather Channel FW\\Desktop\\DesktopWeather.exe\""
"vidxhp"="\"C:\\Documents and Settings\\Ishika\\Application Data\\Google\\ggqjh22510678.exe\""


[b]Bot Check[/b]:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]


@=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"

[b]ShellExecuteHooks[/b]:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[b]Environment[/b]:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
RoxioCentral REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SAFEBOOT_OPTION REG_SZ NETWORK

[b]SecurityProviders[/b]:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


[b]Authentication Packages[/b]:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


[b]Subsystem Startup[/b]:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


[b]Midi Drivers[/b]:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


[b]Non-Default IFEO Debugger[/b]:


[b]Non-Default Installed Components[/b]:


[b]Non-Default Safeboot Minimal[/b]:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


[b]File Associations[/b]:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.exe -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.exe %1"


[b]Finished![/b]


Response Number 3
Name: ishb
Date: December 6, 2008 at 08:34:23 Pacific
Reply:

here's the log for hijack this - what to do next?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:17 AM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [vidxhp] "C:\Documents and Settings\Ishika\Application Data\Google\ggqjh22510678.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofi...
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/ins...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9012 bytes


0

Response Number 4
Name: jabuck
Date: December 6, 2008 at 10:54:56 Pacific
Reply:

Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 11 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your Nortons antivirus, Ad-Aware and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.


0

Response Number 5
Name: ishb
Date: December 7, 2008 at 09:14:00 Pacific
Reply:

Here's the combofix log:

ComboFix 08-12-06.06 - Ishika 2008-12-07 11:01:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1509 [GMT -6:00]
Running from: c:\documents and settings\Ishika\Desktop\ComboFix.exe
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ishika\Application Data\Google\ggqjh22510678.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 10:45 . 2008-12-07 10:45 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 10:45 . 2008-12-07 10:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-06 10:10 . 2008-12-06 10:10 <DIR> d-------- c:\windows\ERUNT
2008-12-06 10:08 . 2008-12-06 11:21 <DIR> d-------- C:\SDFix
2008-12-05 23:02 . 2008-12-05 23:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 23:02 . 2008-12-05 23:02 <DIR> d-------- c:\documents and settings\Ishika\Application Data\Malwarebytes
2008-12-05 23:02 . 2008-12-05 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 23:02 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 23:02 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 19:24 . 2008-12-05 20:09 <DIR> d-------- c:\program files\Advanced Spyware Remover
2008-12-05 19:20 . 2008-12-05 19:20 <DIR> d-------- c:\program files\Trend Micro
2008-12-05 17:53 . 2008-12-05 18:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-05 16:46 . 2008-12-05 16:46 <DIR> d-------- c:\program files\AVG
2008-12-05 16:46 . 2008-12-05 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 16:59 --------- d-----w c:\documents and settings\Ishika\Application Data\Skype
2008-12-07 16:55 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-07 16:55 --------- d-----w c:\documents and settings\Ishika\Application Data\skypePM
2008-12-07 16:45 --------- d-----w c:\program files\Java
2008-12-07 16:44 --------- d-----w c:\program files\Yahoo!
2008-12-07 16:44 --------- d-----w c:\program files\Common Files\AOL
2008-11-23 16:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 04:39 --------- d-----w c:\documents and settings\Ishika\Application Data\LimeWire
2008-10-25 02:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2007-12-15 21:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2005-04-17 124608]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-12-26 24652]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Ishika\LOCALS~1\Temp\[u]0[/u]3629027.nmc\nse\bin\ndiskio.sys []
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\Ishika\LOCALS~1\Temp\[u]0[/u]3629027.nmc\nse\bin\unhookmbrs.sys []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-vidxhp - c:\documents and settings\Ishika\Application Data\Google\ggqjh22510678.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Ishika\Application Data\Mozilla\Firefox\Profiles\mnwttgf0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 11:03:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-07 11:04:32
ComboFix-quarantined-files.txt 2008-12-07 17:04:09

Pre-Run: 76,852,944,896 bytes free
Post-Run: 77,064,290,304 bytes free

132 --- E O F --- 2008-11-23 16:28:10


0
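The `vidxhp` Run entry that ComboFix removed above was already visible in the HijackThis log in Response 3. The following is an added example, not part of any poster's message or of either tool: a small triage script that parses HijackThis O4 (autorun) lines and flags entries launching from a user-profile data directory or carrying a long digit run in the file name. Both heuristics and all function names are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [vidxhp] "C:\Documents and Settings\Ishika\Application Data\Google\ggqjh22510678.exe"
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)

# Heuristic (assumption): per-user data directories on Windows XP, long or 8.3 form.
USER_WRITABLE_RE = re.compile(
    r'\\(documents and settings|docume~1)\\[^\\]+\\'
    r'(application data|applic~1|local settings|locals~1)\\',
    re.IGNORECASE,
)
# Heuristic (assumption): five or more consecutive digits in the file name.
DIGIT_RUN_RE = re.compile(r'\d{5,}')


def executable_path(cmd):
    """Return the program path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: stop at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|bat|cmd|com|scr|pif))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log_text):
    """Yield one dict per O4 autorun line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                'hive': m.group('hive'),
                'key': m.group('key'),
                'name': m.group('name'),
                'path': executable_path(m.group('cmd')),
            })
    return entries


def triage(log_text):
    """Return the O4 entries that match at least one heuristic, with reasons."""
    findings = []
    for entry in parse_o4(log_text):
        stem = splitext(basename(entry['path']))[0]
        reasons = []
        if USER_WRITABLE_RE.search(entry['path']):
            reasons.append('runs from a user-profile data directory')
        if DIGIT_RUN_RE.search(stem):
            reasons.append('file name contains a long digit run')
        if reasons:
            findings.append(dict(entry, reasons=reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} {f['key']} [{f['name']}] {f['path']}")
        for reason in f['reasons']:
            print(f"    - {reason}")
```

A flagged entry is a lead for review, not a verdict; legitimate software also installs under the user profile.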


Response Number 6
Name: ishb
Date: December 7, 2008 at 10:11:24 Pacific
Reply:

Do I have to run combofix a second time? I only ran it once. My comp seems to be working in the normal mode.


0

Response Number 7
Name: jabuck
Date: December 7, 2008 at 14:12:49 Pacific
Reply:

No, that looks a lot better. But there is some clean up left to do.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.


0

Response Number 8
Name: ishb
Date: December 7, 2008 at 17:23:31 Pacific
Reply:

I did ATF cleaner but can't seem to do ETF. After clicking on start, I get the message Page Not Found.


0

Response Number 9
Name: jabuck
Date: December 7, 2008 at 18:16:06 Pacific
Reply:

I think the Eset scanner is down, try this one.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


0

Response Number 10
Name: ishb
Date: December 7, 2008 at 21:16:00 Pacific
Reply:

here's the log for the online scan:

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 01:30:05
Records in database: 1443164
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 49925
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 00:43:00


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03B00000.VBN Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03B00001.VBN Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03B00002.VBN Infected: Trojan.Win32.Agent.arvz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03B00003.VBN Infected: Trojan.Win32.Agent.arvz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BD00000\4BF9BB42.VBN Infected: Trojan.Win32.Agent.arvz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.


0

Response Number 11
Name: jabuck
Date: December 9, 2008 at 18:44:17 Pacific
Reply:

Your computer appears to be clean; the files found by Kaspersky are in a safe place and can be deleted when you have the opportunity.

Navigate to and delete this folder:

C:\SDFix

Empty the recycle bin.

Go to start> run> combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Eset

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


0

Response Number 12
Name: ishb
Date: December 9, 2008 at 19:01:18 Pacific
Reply:

It's working great! Thanks!!


0

Response Number 13
Name: jabuck
Date: December 11, 2008 at 14:46:34 Pacific
Reply:

Glad we could help.


0

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

