Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

LOg

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

LOg

Unread postby jeyra14 » February 29th, 2008, 11:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:08 PM, on 2/29/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Se ... ftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: emotrlq - {6805E89A-2BD3-44B7-8B13-3278155F5D5E} - C:\WINDOWS\emotrlq.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.crworks.com/partner/downloads/ScriptX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://katherinsosa.spaces.live.com/Pho ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O21 - SSODL: bdmnopx - {34C16465-A38D-407A-A693-C24B6DA09FE2} - C:\WINDOWS\bdmnopx.dll
O21 - SSODL: admggxp - {F1661EA0-5FBE-4804-948A-9ADB0E826383} - C:\WINDOWS\admggxp.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11556 bytes
jeyra14
Active Member
 
Posts: 8
Joined: February 29th, 2008, 11:42 pm
Advertisement
Register to Remove

Re: LOg

Unread postby mjq424 » March 1st, 2008, 7:41 am

Hello, and welcome to Malware Removal Forums.
My name is Matt and I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log and I will post back recommendations for repairs.
As I am still on training, everything that I post to you, must be checked by a Teacher. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck in there please reply it to me. I will try my best to help you! Not having symptoms of malware doesn't mean that you are clean!
  • Please do not carry out tasks on your own before I reply as this will only complicate things and may mean that my instructions are useless or dangerous!
  • Please bookmark or favourite this page. In case you need it as reference or etc.

Uninstall List
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See below for details.
Image
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: LOg

Unread postby jeyra14 » March 1st, 2008, 11:40 am

ABBYY FineReader 5.0 Sprint
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe® Photoshop® Album Starter Edition 3.2
AGLOCO Viewbar 1.03
Apple Software Update
a-squared Anti-Malware 3.1
Broadcom 440x 10/100 Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell AIO Printer A920
Dell ResourceCD
DellConnect
Desktop Doctor
Dora`s Carnival 2 - Boardwalk Adventure (remove only)
Dora's Carnival Adventure (remove only)
Dora's Star Catching Game
FaxTools
HijackThis 2.0.2
Intel(R) Extreme Graphics Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2_15
La Casa De Dora (remove only)
McAfee SecurityCenter
MySpaceIM
Nick Aracde Toolbar
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
SoundMAX
Spybot - Search & Destroy
Spyware Doctor 5.5
Stamps.com
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
WebVideo Support
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
XoftSpySE
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
jeyra14
Active Member
 
Posts: 8
Joined: February 29th, 2008, 11:42 pm

Re: LOg

Unread postby mjq424 » March 1st, 2008, 7:07 pm

Hi
You appear to be running an out-of-date version of Windows XP. The latest version is Service Pack 2, while you only have Service Pack 1. Is there any reason for this?
You should get SP2, but NOT NOW, rather only after your machine is clean. Please refrain from using Windows Update until then.

P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Morpheus

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you wish to keep them, please do not use them until your computer is cleaned.

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Disable Spyware Doctor until the computer is clean

Please disable Spyware Doctor, as it may interfere with the fix.

To disable Spyware Doctor version 5:

    Right-click the Spyware Doctor icon in the System Tray, next to the clock in the right-hand corner
    Click Shutdown
    Click Yes at the prompt
    When the process bar is complete, restart your computer
Don't forget to re-enable it, when your computer is clean.

Uninstall programs
Click Start > Control Panel > Add/Remove programs and remove the following program:
WebVideo Support


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Toolbar.BFU.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Image and select Toolbar.BFU
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

===========================

In your next reply can I please see:
  • SDFix report.txt
  • A new HijackThis log
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: LOg

Unread postby jeyra14 » March 1st, 2008, 10:25 pm

SDFix: Version 1.150

Run by Administrator on Sat 03/01/2008 at 05:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\WINDOWS\admggxp.dll - Deleted
C:\WINDOWS\bdmnopx.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\fsxloqf.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted



Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\QdrDrive - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\QdrModule - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 18:02:01
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 25 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3A7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3A9.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3AA.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3AB.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3AC.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3AD.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3AE.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3AF.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B0.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B1.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B2.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B3.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B4.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B5.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B6.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3B7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3C6.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3C8.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3C9.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3CA.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3CB.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3CC.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3CD.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3CE.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3CF.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3D0.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3F7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3F8.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3F9.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3FA.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3FB.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3FD.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3FE.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT3FF.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT400.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT401.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT402.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT403.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT404.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT405.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT406.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT407.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT408.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT409.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT40A.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT40B.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT40C.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT40D.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT40E.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT410.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT417.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT41F.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT420.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT421.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT425.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT426.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT428.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT429.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT42A.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT42B.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT42C.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT42D.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT42E.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT42F.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT45B.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT45C.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT45D.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT45E.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT460.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT461.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT462.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT463.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT464.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT465.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT466.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT467.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT468.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT469.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT46A.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT46B.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT46C.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT46D.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT46E.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT46F.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT470.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT471.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT472.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT473.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT474.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT475.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT476.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT477.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT486.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT487.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT489.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT48A.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT48B.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT48C.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT48D.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT48F.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT490.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4B7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4B8.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4B9.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4BA.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4BB.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4BC.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4BD.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4BE.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4BF.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C0.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C1.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C2.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C3.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C4.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C5.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C6.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4C9.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4CA.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4CC.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4CD.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4CF.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4DB.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4E7.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4E9.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4EB.tmp"
Sat 1 Mar 2008 0 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\BIT4EC.tmp"

Finished!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:53 PM, on 3/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.crworks.com/partner/downloads/ScriptX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://katherinsosa.spaces.live.com/Pho ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 10645 bytes




Thanks a lot for helping me with this...about the service pack, I got my computer in '04 and I never knew there was another service pack to install....
jeyra14
Active Member
 
Posts: 8
Joined: February 29th, 2008, 11:42 pm

Re: LOg

Unread postby mjq424 » March 2nd, 2008, 12:33 pm

Hi
Thanks for the logs.

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Disable A-Squared Guard
  • Open a-squared
  • Click on Configure Background-Guard
  • Deselect "Enable background guard on system startup"
  • Close window
  • Close a-squared
    (Reverse this process after your malware removal is complete).
  • Reboot your machine for the changes to take effect before running HJT.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java(TM) SE Runtime Environment 6u4.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove Java 2 Runtime Environment, SE v1.4.2_15
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

DownLoad CCleaner

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder,
back it up or move it to a permanent folder prior to running CCleaner!


Download CCleaner to clean temp files from your computer.

http://www.ccleaner.com/download/downloadpage.aspx?f=2


Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted.
(If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
deselect "Only delete files in Windows Temp folders older than 48 hours."
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

  • Click the "Run Cleaner" button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click "OK"
  • CCleaner will scan and clean your system.
  • When cleaning is complete:
  • Click "Exit".
  • Repeat for all usernames.

Open HijackThis
Click Scan only
Place checkmarks against the following:
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
  • O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
  • O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
  • O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  • O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Close ALL open windows, especially browsers
Click Fix checked

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Please also post a new HijackThis log and a description of how your PC is behaving
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: LOg

Unread postby jeyra14 » March 2nd, 2008, 4:32 pm

Hi. Thnks so much for your help...The computer is much, much better, the pop ups are gone and its much faster, although, not totally fast as it gets hung up sometimes....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:46 PM, on 3/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.crworks.com/partner/downloads/ScriptX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://katherinsosa.spaces.live.com/Pho ... nPUpld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 10292 bytes



# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2913 (20080301)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=acbe000ced5049448d4814e15702ff5b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-03-02 08:21:50
# local_time=2008-03-02 12:21:50 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 1
# scanned=89801
# found=2
# scan_time=1902
C:\SDFix\backups\backups.zip Win32/Adware.Starsdoor application 6A4101695F32D8AD0134AF7A984C932A
C:\SDFix\backups\backups.zip »ZIP »backups/UnInstall.exe Win32/Adware.Starsdoor application 00000000000000000000000000000000
jeyra14
Active Member
 
Posts: 8
Joined: February 29th, 2008, 11:42 pm

Re: LOg

Unread postby mjq424 » March 2nd, 2008, 5:12 pm

Hi
Just a few housekeeping jobs to do now.

Update Your Windows XP to SP2.

Go to Microsoft and update to SP2.

After doing so, set automatic updates on.

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

Download OTMoveIt2 by OldTimer to your Desktop.
  • Double click OTMoveIt2.exe to launch it.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt2
  • Now delete OTMoveIt2.exe (if still present)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME/XP/Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    Reset System Restore.
    Now you should disable System restore to purge any infected files and then re-enable it,

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer

    Turn ON System Restore

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Un-Check Turn off System Restore.
    Click Apply, and then click OK.
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  5. Install WinPatrol - Download and install Winpatrol by BillP Studios.
    This program can monitor what software start with Windows. You can delay startup for some programs and stop malicious programs from starting up. It can also view some hidden files.
    Download it from here
  6. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  7. Install ThreatFire - Download and install ThreatFire. This program defends against malware by detecting certain malicious behaviours. It is configured "out-of-the-box" and acts as a complement to your Antivirus software. It can be downloaded here:
    PC Tools ThreatFire
  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
User avatar
mjq424
Regular Member
 
Posts: 1502
Joined: April 14th, 2007, 10:20 am
Location: UK

Re: LOg

Unread postby Vino Rosso » March 10th, 2008, 1:16 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link: >Donations For Malware Removal<

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 488 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware