Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Boily Systems Ltd

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Boily Systems Ltd

Unread postby willie14 » January 7th, 2008, 10:43 am

We have been infected by file XPUpdate.exe, which popped up from Boily Systems Ltd, despite us having Fix -It7 and Zone Alarm. We have taken various bits of advice and have also run Rogue Remover, A-Squared and Super Anti-Spyware. These seem to have removed a fair amount of stuff, but we are left being unable to enable our wallpaper. It shows at boot up and logging off, but the rest of the time it is covered by a white screen. At the moment we are not aware of any other problems (touchwood), but does anyone know how we can enable our wallpaper?

Thanks
willie14
Active Member
 
Posts: 5
Joined: January 7th, 2008, 10:31 am
Advertisement
Register to Remove

Re: Boily Systems Ltd

Unread postby 'KotaGuy » January 11th, 2008, 11:08 am

Hi... sorry for the delay in a reply.

I'd like to make sure your system is clean so could you please click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Boily Systems Ltd

Unread postby willie14 » January 12th, 2008, 7:15 am

Good morning,

Many thanks for the guidance, please find below results of dunning HJT.

I really appreciate your help and guidance.

Thanks,

Willie14

Logfile of HijackThis v1.99.1
Scan saved at 11:06:26, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Windows\Explorer.EXE
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Windows\System32\svchost.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\System32\alg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0809/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.65
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
willie14
Active Member
 
Posts: 5
Joined: January 7th, 2008, 10:31 am

Re: Boily Systems Ltd

Unread postby 'KotaGuy » January 12th, 2008, 7:11 pm

Other than an errant MyWebSearch 09... your log looks pretty good.

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log.

For your background problem... Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet. Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages" look for a checkbox named "Security". If found select it and click "Delete". Let me know how that goes.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Boily Systems Ltd

Unread postby willie14 » January 13th, 2008, 11:14 am

Good afternoon,

Please find below new HJT log and log following running Kaspersky software.

Once again appreciate your help.

Willie14

Logfile of HijackThis v1.99.1
Scan saved at 15:09:37, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0809/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.65
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 13, 2008 3:07:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/01/2008
Kaspersky Anti-Virus database records: 510043
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63366
Number of viruses found: 13
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 00:59:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Application Data\Identities\{EED02091-47AD-4EDD-A0AA-0B2D9D1B9B0F}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Application Data\Identities\{EED02091-47AD-4EDD-A0AA-0B2D9D1B9B0F}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Application Data\Identities\{EED02091-47AD-4EDD-A0AA-0B2D9D1B9B0F}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Stewart Gillet\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stewart Gillet\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Stewart Gillet\ntuser.dat.LOG Object is locked skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/1.bin/MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3IMSTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/M3MSG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q/program files/mywebsearch/bar/3.bin/MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A1F422CF80B54A2E57723BAC65B73C8EC8B925D0.A2Q ZIP: infected - 18 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A6C9775E8363F9CC85849680321001CBE94B20E0.A2Q/program files/mywebsearch/bar/3.bin/M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A6C9775E8363F9CC85849680321001CBE94B20E0.A2Q/program files/mywebsearch/bar/3.bin/MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A6C9775E8363F9CC85849680321001CBE94B20E0.A2Q/program files/mywebsearch/bar/3.bin/MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A6C9775E8363F9CC85849680321001CBE94B20E0.A2Q/program files/mywebsearch/bar/3.bin/MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\A6C9775E8363F9CC85849680321001CBE94B20E0.A2Q ZIP: infected - 4 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\D0501E8E6A1A2CE3105AA36034026DA7030B898E.A2Q/program files/mywebsearch/bar/3.bin/M3SRCHMN.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\D0501E8E6A1A2CE3105AA36034026DA7030B898E.A2Q/program files/mywebsearch/bar/3.bin/MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\D0501E8E6A1A2CE3105AA36034026DA7030B898E.A2Q/program files/mywebsearch/bar/3.bin/MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\D0501E8E6A1A2CE3105AA36034026DA7030B898E.A2Q/program files/mywebsearch/bar/3.bin/MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\D0501E8E6A1A2CE3105AA36034026DA7030B898E.A2Q ZIP: infected - 4 skipped
C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\mifdb\errors.log Object is locked skipped
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071747.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071748.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071749.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071750.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071751.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071752.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071753.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071754.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071755.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071756.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071757.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071758.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071760.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071761.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071762.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071765.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071766.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071767.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071768.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071769.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071770.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071771.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071772.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071773.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071776.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071778.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071779.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071781.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071782.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP387\A0071783.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP388\A0071874.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP391\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\CPQ11681105551.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\a2cache_4E955B1A.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT01762.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
willie14
Active Member
 
Posts: 5
Joined: January 7th, 2008, 10:31 am

Re: Boily Systems Ltd

Unread postby 'KotaGuy » January 13th, 2008, 5:10 pm

Not much to take care of... a couple things other than cleaning out your Restore Points which we will do shortly.

Run and scan with HijackThis and place a check beside the following:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU

Close all open browsers/windows anc click the Fix button.

Reboot.

Search for and delete this Folder:

C:\Program Files\MyWebSearch

Empty your Recycle Bin.

How is your PC behaving?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Boily Systems Ltd

Unread postby willie14 » January 14th, 2008, 5:08 pm

Good evening KotaGuy,

Thanks, I feel a lot better now, I think my computer does also.

Done as you advised, found the file in HJT, checked it, Fixed it, rebooted found it and delted in and finally emptied the recycle bin, hopefully that's it.

Computer is running slow but that's normal, too much junk that needs clearing out, that's my next job.

One thing that manifested itself with the Malware has been that the icons on the desktop all have coloured boxes around the writing below the icon, the colour of the box can be changed but not made invisible/colourless. Before the Malware, these were colourless/invisible, the writing was direct onto the desktop picture. Any ideas?

One again thanks,

Willie14
willie14
Active Member
 
Posts: 5
Joined: January 7th, 2008, 10:31 am

Re: Boily Systems Ltd

Unread postby 'KotaGuy » January 14th, 2008, 8:45 pm

Right click on the My Computer icon. Click the Advanced tab. Click the Settings button under Performance. In the Visual Effects tab scroll down and put a check beside Use drop shadows for icon labels on the desktop. Click Apply then OK and close the System Properties window.

Let me know how that goes.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Boily Systems Ltd

Unread postby willie14 » January 15th, 2008, 5:03 pm

Good evening KotaGuy,

Many thanks, a few clicks of the mouse, in the correct place, and problem solved.

I'll have to set up a new Pay Pal account to make a donation, that might take a couple of days. My old Pay Pal account suddenly had a strange entry on it from somebody in the US who I had never heard of, so I cancelled it.

Many thanks for your help and assistance, first time I've used such a forum and I can't thank you enough.

That should be me done now.

Once again thanks.

Willie14 :cheers:
willie14
Active Member
 
Posts: 5
Joined: January 7th, 2008, 10:31 am

Re: Boily Systems Ltd

Unread postby 'KotaGuy » January 15th, 2008, 7:07 pm

Was my pleasure :)

Some tips for the future to minimize reinfection...

  • Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK

    Reboot.

    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK
    NOTE: only do this ONCE, NOT on a regular basis!
  • Re hide your system files To do so, please follow the steps below:
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check by "Hide file extensions for known file types."
    • Under the "Hidden files" folder, select "Do not show hidden files and folders."
    • Check "Hide protected operating system files."
    • Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here are some Anti Virus products which are free for personal use and most used:
    AntiVir
    Avast
    BitDefender
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound/outbound not sure). Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most used:
    Comodo
    Kerio
    ZoneAlarm
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions here:
<link>

>> Here << you can see how you can help us.

Surf Safe :)
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Boily Systems Ltd

Unread postby NonSuch » January 20th, 2008, 5:20 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware