LNK/ACESPADES.A ???

Post by amateur » November 14th, 2005, 4:57 pm

Hi Tomevans,

Glad to see you were able to come back. :)

1. Please go Start>Control Panel>Add/Remove programs and remove/uninstall the following, if present:

Windows TaskAd

2. Reset Hidden Files and Folders:

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

3. Reboot in Safe Mode following my earlier instructions

4. Navigate to and delete the following folder:

C:\PROGRAM FILES\Windows TaskAd

5. While still in Safe Mode run Ewido, Adaware and Spybot again following my earlier instructions.

6. Also in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

7. Reboot in Normal Mode

8. Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

and
with TrendMicro

Click on "Scan Now, it's free"
Choose Your Country and click on "Go"
Click on "Start Free Scan Now"

9. I am happy to see that you have AVG, which is a good, free antivirus protection. Please add now a firewall like Kerio, Zone Alarm or Sygate to your protection. Make sure that you install only one firewall. I personally use Zone Alarm and find it easy to use. It works well with AVG.

10. Post a new HijackThis log and the reports from Kaspersky & Trendmicro, please.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Trend Micro

Post by tomevans00 » November 17th, 2005, 3:48 pm

KASPERSKY

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, November 17, 2005 17:14:04
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/11/2005
Kaspersky Anti-Virus database records: 160257
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
H:\

Scan Statistics:
Total number of scanned objects: 164628
Number of viruses found: 1
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 8974 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-527237240-790525478-682003330-500\Dc1\Util\Remove.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP101\A0091509.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP101\A0091510.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP131\A0146341.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\WINDOWS\50955.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\WINDOWS\system32\camdrv.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\WINDOWS\system32\camplugin.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\WINDOWS\system32\camscreen.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf

Scan process completed.

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 19:47:59, on 17/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Vegas\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0178877374
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



TREND

Virus Scan: 0 virus cleaned, 0 virus deleted

Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File | Associated Virus Name | Action Taken

Trojan/Worm Check: 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed:
- 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name | Trojan/Worm Type | Action Taken

Spyware Check: 3 spyware programs removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 3 spyware(s) on your computer. Only 0 out of 0 spywares are displayed:
- 0 spyware(s) passed, 0 spyware(s) no action available
- 3 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name | Spyware Type | Action Taken
ADW_SLAGENT.A | Adware | Removal successful
COOKIE_968 | Cookie | Removal successful
COOKIE_1020 | Cookie | Removal successful

Microsoft Vulnerability Check: No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level | Issue | How to Fix

tomevans00
Active Member
Posts: 12
Joined: October 31st, 2005, 9:34 am
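Reading the HijackThis log above by eye is what the helper does in the next reply (the LimeWire startup entry, the broken LSP line). As an added example, not code from the original posts or from HijackThis itself, here is a small Python triage script that parses the `R`/`F`/`N`/`O` entry lines and applies those same checks mechanically. The sample lines are copied from the posted log; the P2P client name list, the ActiveX host allowlist and the finding names are assumptions made for this example, and a flagged line means "look at this", not "this is malware" (the Creative updater control it flags is a vendor component).

```python
"""Triage a HijackThis v1.99 log the way the helper in this thread does by eye.

Added example for this thread; it is not code from the original posts or from
HijackThis. Each 'Rn'/'Fn'/'Nn'/'On' line is parsed into (section, body) and a
few checks are applied: a broken Winsock LSP (O10), an autostart entry (O4)
that launches a known P2P client, a service (O23) whose owner HijackThis could
not identify, and a downloaded ActiveX control (O16) from a host outside a
short allowlist. The P2P name list and the host allowlist are assumptions made
for this example; a flagged line means 'look at this', not 'this is malware'.
"""
import re
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

# Assumptions for this example: names treated as P2P clients, and hosts from
# which a downloaded ActiveX control (O16 DPF) is not flagged.
P2P_CLIENTS = ("limewire", "kazaa", "bearshare", "emule")
ACTIVEX_ALLOWED_HOSTS = ("microsoft.com", "trendmicro.com", "bitdefender.com")


def parse_hjt(text):
    """Return (section, body) tuples for every R/F/N/O entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_allowed(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage(entries):
    """Return (finding kind, original body) pairs for entries worth a second look."""
    findings = []
    for section, body in entries:
        if section == "O10":
            # A missing LSP DLL breaks Winsock for every program; fix it before online scans.
            findings.append(("broken-lsp", body))
        elif section == "O4" and any(n in body.lower() for n in P2P_CLIENTS):
            findings.append(("p2p-autostart", body))
        elif section == "O16":
            # Body is 'DPF: {CLSID} (Name) - URL'; the URL is the last ' - ' field.
            url = body.rsplit(" - ", 1)[-1]
            host = (urlsplit(url).hostname or "").lower()
            if not host_allowed(host, ACTIVEX_ALLOWED_HOSTS):
                findings.append(("activex-unlisted-host", body))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(("service-unknown-owner", body))
    return findings


if __name__ == "__main__":
    for kind, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:24} {body}")
```

Run it against a whole saved log by reading the file into `parse_hjt`; the allowlist check is deliberately exact-domain-or-subdomain so that a lookalike such as `microsoft.com.evil.example` is not treated as Microsoft.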

Post by amateur » November 17th, 2005, 9:07 pm

Hi Tomevans00 :) ,

I got the Kaspersky, TrendMicro and HijackThis logs, but the Ewido scan result is missing. I would appreciate it if you could include that in your next post. Your log is looking much better. :D Nice to see that you have the firewall now too. :) :) One discomfort to me is that I noticed you are using P2P file sharing. :o

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. I personally do not find this practice safe. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your malware infestations. Please don't use the program until after your computer is totally clean.

We are going to delete the files reported by Kaspersky using "Killbox".
Please download Killbox here to your Desktop.

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.

Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.

C:\WINDOWS\50955.exe
C:\WINDOWS\system32\camdrv.exe
C:\WINDOWS\system32\camplugin.exe
C:\WINDOWS\system32\camscreen.exe


Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files


Click OK or Enter

Please do an online scan with Kaspersky Online Scanner again and post back the Kaspersky scan result and the Ewido scan report. How is the computer running now?

Post by tomevans00 » November 20th, 2005, 2:24 pm

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:21:00, 18/11/2005
+ Report-Checksum: EACCC837

+ Scan result:

C:\Documents and Settings\Vegas\Cookies\vegas@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@ad.adition[2].txt -> Spyware.Cookie.Adition : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@axa.addcontrol[1].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Vegas\Cookies\vegas@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 20, 2005 16:31:44
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/11/2005
Kaspersky Anti-Virus database records: 160735
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 156917
Number of viruses found: 5
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 8279 sec

Infected Object Name - Virus Name
C:\!KillBox\50955.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\!KillBox\camdrv.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\!KillBox\camplugin.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\!KillBox\camscreen.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-53e45e18.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-53e45e18.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-53e45e18.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-45038f47.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-45038f47.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-45038f47.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-45038f47.zip Infected: Trojan.Java.ClassLoader.d
C:\RECYCLER\S-1-5-21-527237240-790525478-682003330-500\Dc1\Util\Remove.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP132\A0147464.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP132\A0147465.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP132\A0147466.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP132\A0147467.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf

Scan process completed.


It's running a lot better, thanks. It's faster and there have been fewer restarts, though I am having a few here and there.

Post by amateur » November 20th, 2005, 5:51 pm

Hi again,

Looks much much better :D . We are almost there ;)

1. Navigate to My Computer>Local Disk (C). Find this Folder: !KillBox and delete it.

2. Clear the Java Cache.

Start>Control Panel > Java -or- Java Plugin > General tab > Temporary Internet Files > Delete Files:
Checkmark all 3 options
Click "OK"

If those settings are different, the "Clear Cache" option might be under the "Cache" tab instead.

3. Empty the Recycle Bin.

4. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

5. Reboot.

6. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

7. Run Kaspersky online scan one more time.

8. Run HijackThis again and post a new HijackThis log and the Kaspersky report.
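The November 20 Kaspersky report and the reply above show why a helper reads the path of each hit, not just the detection name: the four files "deleted" with Killbox reappear under C:\!KillBox (Killbox moved them into its own folder), the restore-point copies under System Volume Information are reached by toggling System Restore, the Java cache hits go with clearing that cache, and the Recycle Bin copy just needs the bin emptied. As an added example, not code from the original posts or from Kaspersky, this Python script parses the `Infected Object Name` lines of such a report, classifies each object by where it lives, and compares two scans to confirm which live files were only moved to quarantine. The sample lines are excerpted from the three reports in this thread; the category names and the path rules are this example's assumptions.

```python
"""Classify the findings of a Kaspersky On-line Scanner report by where they live.

Added example for this thread, not code from the original posts or from
Kaspersky. The 'Infected Object Name - Virus Name' section lists one object
per line as '<path> Infected: <detection>'. The next remediation step depends
on the path rather than the detection name: a live file needs deleting, a copy
in a System Restore point is purged by toggling System Restore, a copy in the
Recycle Bin or in Killbox's own !KillBox folder on C: goes when that folder is
emptied, and a hit inside the Java deployment cache goes with clearing that
cache. The category names and path rules below are this example's assumptions;
the sample lines are excerpted from the three reports posted in the thread.
"""
import re
from collections import Counter

SCAN_NOV17 = r"""
C:\RECYCLER\S-1-5-21-527237240-790525478-682003330-500\Dc1\Util\Remove.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP101\A0091509.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\WINDOWS\50955.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\WINDOWS\system32\camdrv.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
"""
SCAN_NOV20 = r"""
C:\!KillBox\50955.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\!KillBox\camdrv.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\Documents and Settings\Vegas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-53e45e18.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\RECYCLER\S-1-5-21-527237240-790525478-682003330-500\Dc1\Util\Remove.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
C:\System Volume Information\_restore{3FABF7AD-BFCC-4536-B7A5-4457878A07C4}\RP132\A0147464.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
"""
SCAN_NOV23 = r"""
C:\RECYCLER\S-1-5-21-527237240-790525478-682003330-500\Dc1\Util\Remove.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf
"""

LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<detection>.+)$")

# (category, test on the lower-cased path); first match wins, anything else is 'live'.
RULES = (
    ("killbox-quarantine", lambda p: p.startswith("c:\\!killbox\\")),
    ("restore-point", lambda p: "\\system volume information\\_restore" in p),
    ("recycle-bin", lambda p: p.startswith("c:\\recycler\\")),
    ("java-cache", lambda p: "\\sun\\java\\deployment\\cache\\" in p),
)


def parse_report(text):
    """Return {object path: detection name} for the Infected Object lines of a report."""
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("detection")
    return hits


def classify(path):
    """Map an object path to one of the RULES categories, or 'live'."""
    low = path.lower()
    for category, test in RULES:
        if test(low):
            return category
    return "live"


def live_paths(hits):
    """Objects that are neither quarantined, cached nor archived: these still need action."""
    return sorted(p for p in hits if classify(p) == "live")


def category_counts(hits):
    return Counter(classify(p) for p in hits)


def basename(path):
    # Objects inside archives are written 'archive.zip/Member.class'; normalise both separators.
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def quarantined_copies(before, after):
    """Names that were live in `before` and sit in Killbox's folder in `after` (moved, not gone)."""
    live_names = {basename(p) for p in live_paths(before)}
    boxed = {basename(p) for p in after if classify(p) == "killbox-quarantine"}
    return sorted(live_names & boxed)


if __name__ == "__main__":
    for label, text in (("Nov 17", SCAN_NOV17), ("Nov 20", SCAN_NOV20), ("Nov 23", SCAN_NOV23)):
        hits = parse_report(text)
        print(label, dict(category_counts(hits)), "live:", live_paths(hits))
    print("moved into !KillBox:", quarantined_copies(parse_report(SCAN_NOV17), parse_report(SCAN_NOV20)))
```

On the three reports this gives two live files on November 17, none on November 20 (both live names now under C:\!KillBox) and only the Recycle Bin copy on November 23, which is exactly the state the reply treats as "almost there".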

Post by tomevans00 » November 23rd, 2005, 2:40 pm

Logfile of HijackThis v1.99.1
Scan saved at 18:37:38, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vegas\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0178877374
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, November 23, 2005 17:07:39
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 23/11/2005
Kaspersky Anti-Virus database records: 161204
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 149143
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 6262 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-527237240-790525478-682003330-500\Dc1\Util\Remove.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf

Scan process completed.

I also had the log appear on my desktop when I rebooted the other day and don't know what it is. Any idea?

#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0cdcda0c, pid=3852, tid=2224
#
# Java VM: Java HotSpot(TM) Client VM (1.5.0_05-b05 mixed mode, sharing)
# Problematic frame:
# j sun.util.PreHashedMap.get(Ljava/lang/Object;)Ljava/lang/Object;+1
#

--------------- T H R E A D ---------------

Current thread (0x02a1a1a8): JavaThread "AWT-Windows" daemon [_thread_in_Java, id=2224]

siginfo: ExceptionCode=0xc0000005, reading address 0x28283988

Registers:
EAX=0x28283880, EBX=0x00000000, ECX=0x2b7ddfa8, EDX=0x30800001
ESP=0x0f7be630, EBP=0x0f7be654, ESI=0x2aab6a89, EDI=0x0f7be668
EIP=0x0cdcda0c, EFLAGS=0x00010246

Top of Stack: (sp=0x0f7be630)
0x0f7be630: 0cdc29cf 2b7ddfa8 0f7be638 2aab6a89
0x0f7be640: 0f7be668 2b2db710 00000000 2b2db358
0x0f7be650: 0f7be664 0f7be688 0cdc2d00 00000000
0x0f7be660: 00000000 2b7ddfa8 211e6500 0f7be66c
0x0f7be670: 2aab60b5 0f7be698 2b2da390 00000000
0x0f7be680: 2b2da078 0f7be694 0f7be6c4 0cdc29fa
0x0f7be690: 00000000 2b7ddfa8 21217a88 21217a88
0x0f7be6a0: 08000001 21217a88 0f7be6a0 2aab62ef

Instructions: (pc=0x0cdcda0c)
0x0cdcd9fc: 00 04 0f 84 05 00 00 00 3b 01 ff 63 30 8b 41 04
0x0cdcda0c: 8b 9c 98 08 01 00 00 8b 53 30 8b c3 ff e2 90 90


Stack: [0x0f6c0000,0x0f7c0000), sp=0x0f7be630, free space=1017k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
j sun.util.PreHashedMap.get(Ljava/lang/Object;)Ljava/lang/Object;+1
j sun.nio.cs.FastCharsetProvider.canonicalize(Ljava/lang/String;)Ljava/lang/String;+5
j sun.nio.cs.FastCharsetProvider.charsetForName(Ljava/lang/String;)Ljava/nio/charset/Charset;+7
j java.nio.charset.Charset.lookup2(Ljava/lang/String;)Ljava/nio/charset/Charset;+39
j java.nio.charset.Charset.lookup(Ljava/lang/String;)Ljava/nio/charset/Charset;+40
j java.nio.charset.Charset.isSupported(Ljava/lang/String;)Z+1
j java.lang.StringCoding.lookupCharset(Ljava/lang/String;)Ljava/nio/charset/Charset;+1
j java.lang.StringCoding.decode(Ljava/lang/String;[BII)[C+59
j java.lang.String.<init>([BIILjava/lang/String;)V+30
j sun.font.TrueTypeFont.makeString([BSS)Ljava/lang/String;+166
j sun.font.TrueTypeFont.initNames()V+174
j sun.font.TrueTypeFont.init(I)V+319
j sun.font.TrueTypeFont.<init>(Ljava/lang/String;Ljava/lang/Object;IZ)V+46
j sun.font.FontManager.registerFontFile(Ljava/lang/String;[Ljava/lang/String;IZI)Lsun/font/PhysicalFont;+55
j sun.font.FontManager.initialiseDeferredFont(Ljava/lang/String;)Lsun/font/PhysicalFont;+80
j sun.font.CompositeFont.doDeferredInitialisation(I)V+70
j sun.font.CompositeFont.getSlotFont(I)Lsun/font/PhysicalFont;+11
j sun.font.CompositeStrike.getStrikeForSlot(I)Lsun/font/PhysicalStrike;+16
j sun.font.CompositeStrike.getFontMetrics()Lsun/font/StrikeMetrics;+31
j sun.font.FontDesignMetrics.initMatrixAndMetrics()V+28
j sun.font.FontDesignMetrics.<init>(Ljava/awt/Font;Ljava/awt/font/FontRenderContext;)V+62
j sun.font.FontDesignMetrics.<init>(Ljava/awt/Font;)V+5
j sun.awt.SunToolkit.getFontMetrics(Ljava/awt/Font;)Ljava/awt/FontMetrics;+44
j sun.awt.windows.WToolkit.getFontMetrics(Ljava/awt/Font;)Ljava/awt/FontMetrics;+13
v ~StubRoutines::call_stub
V [jvm.dll+0x8295c]
V [jvm.dll+0xd752e]
V [jvm.dll+0x8282d]
V [jvm.dll+0x87508]


--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x102f1778 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=2016]
0x0788ba38 JavaThread "Image Fetcher 0" daemon [_thread_blocked, id=3616]
0x1026a708 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=3708]
0x077f6d68 JavaThread "thread applet-log.class" [_thread_blocked, id=1128]
0x078c8e68 JavaThread "thread applet-SampleDemo.class" [_thread_in_native, id=408]
0x078c83f8 JavaThread "thread applet-Interval.class" [_thread_blocked, id=2816]
0x02a9bd08 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=1828]
0x02a16c80 JavaThread "AWT-Shutdown" [_thread_blocked, id=2796]
0x0781dc20 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=1108]
=>0x02a1a1a8 JavaThread "AWT-Windows" daemon [_thread_in_Java, id=2224]
0x07835a50 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2712]
0x07827530 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1476]
0x02aa6980 JavaThread "CompilerThread0" daemon [_thread_blocked, id=1216]
0x029fa8f0 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=572]
0x029dd2d8 JavaThread "Finalizer" daemon [_thread_blocked, id=844]
0x029cbc50 JavaThread "Reference Handler" daemon [_thread_blocked, id=2204]
0x0003bbb0 JavaThread "main" [_thread_in_native, id=1532]

Other Threads:
0x029bad88 VMThread [id=3628]
0x02a15a88 WatcherThread [id=896]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 576K, used 218K [0x20a80000, 0x20b20000, 0x211e0000)
eden space 512K, 30% used [0x20a80000, 0x20aa6910, 0x20b00000)
from space 64K, 100% used [0x20b00000, 0x20b10000, 0x20b10000)
to space 64K, 0% used [0x20b10000, 0x20b10000, 0x20b20000)
tenured generation total 1408K, used 1060K [0x211e0000, 0x21340000, 0x26a80000)
the space 1408K, 75% used [0x211e0000, 0x212e91a0, 0x212e9200, 0x21340000)
compacting perm gen total 8192K, used 1306K [0x26a80000, 0x27280000, 0x2aa80000)
the space 8192K, 15% used [0x26a80000, 0x26bc6828, 0x26bc6a00, 0x27280000)
ro space 8192K, 62% used [0x2aa80000, 0x2af8a3a0, 0x2af8a400, 0x2b280000)
rw space 12288K, 46% used [0x2b280000, 0x2b8103d8, 0x2b810400, 0x2be80000)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
0x7c900000 - 0x7c9b0000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f4000 C:\WINDOWS\system32\kernel32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77d40000 - 0x77dd0000 C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f57000 C:\WINDOWS\system32\GDI32.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778cc000 C:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 - 0x77b14000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x754d0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771ac000 C:\WINDOWS\system32\OLEAUT32.dll
0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll
0x5b860000 - 0x5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
0x771b0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x773d0000 - 0x774d2000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x7c9c0000 - 0x7d1d5000 C:\WINDOWS\system32\SHELL32.dll
0x5d090000 - 0x5d127000 C:\WINDOWS\system32\comctl32.dll
0x74720000 - 0x7476b000 C:\WINDOWS\system32\MSCTF.dll
0x75f80000 - 0x7607d000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\appHelp.dll
0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77260000 - 0x772ff000 C:\WINDOWS\system32\urlmon.dll
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\UxTheme.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x77a20000 - 0x77a74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661d000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll
0x769c0000 - 0x76a73000 C:\WINDOWS\system32\USERENV.dll
0x10000000 - 0x10124000 c:\program files\google\googletoolbar1.dll
0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\WSOCK32.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x5cd70000 - 0x5cd77000 C:\WINDOWS\system32\serwvdrv.dll
0x5b0a0000 - 0x5b0a7000 C:\WINDOWS\system32\umdmxfrm.dll
0x59a60000 - 0x59b01000 C:\WINDOWS\system32\DBGHELP.DLL
0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
0x76990000 - 0x769b5000 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 - 0x76b31000 C:\WINDOWS\system32\ATL.DLL
0x71b20000 - 0x71b32000 C:\WINDOWS\system32\MPR.dll
0x75f60000 - 0x75f67000 C:\WINDOWS\System32\drprov.dll
0x71c10000 - 0x71c1e000 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 - 0x71ce7000 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 - 0x71cd0000 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 - 0x71c87000 C:\WINDOWS\System32\NETRAP.dll
0x71bf0000 - 0x71c03000 C:\WINDOWS\System32\SAMLIB.dll
0x75f70000 - 0x75f79000 C:\WINDOWS\System32\davclnt.dll
0x77c70000 - 0x77c93000 C:\WINDOWS\system32\msv1_0.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll
0x0ffd0000 - 0x0fff8000 C:\WINDOWS\system32\rsaenh.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\System32\mswsock.dll
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x00f50000 - 0x00fd8000 C:\WINDOWS\system32\shdoclc.dll
0x01290000 - 0x01555000 C:\WINDOWS\system32\xpsp2res.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\mlang.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x01d60000 - 0x02026000 C:\WINDOWS\system32\msi.dll
0x75e90000 - 0x75f40000 C:\WINDOWS\system32\SXS.DLL
0x7d4a0000 - 0x7d787000 C:\WINDOWS\System32\mshtml.dll
0x746c0000 - 0x746e7000 C:\WINDOWS\System32\msls31.dll
0x605d0000 - 0x605d9000 C:\WINDOWS\system32\mslbui.dll
0x746f0000 - 0x7471a000 C:\WINDOWS\System32\msimtf.dll
0x5c2c0000 - 0x5c300000 C:\WINDOWS\ime\sptip.dll
0x74c80000 - 0x74cac000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760e5000 C:\WINDOWS\system32\MSVCP60.dll
0x02480000 - 0x02491000 C:\WINDOWS\IME\SPGRMR.DLL
0x024a0000 - 0x024fb000 C:\Program Files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
0x32520000 - 0x32532000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x75c50000 - 0x75cbe000 C:\WINDOWS\System32\jscript.dll
0x767f0000 - 0x76817000 C:\WINDOWS\system32\schannel.dll
0x68100000 - 0x68124000 C:\WINDOWS\system32\dssenh.dll
0x76980000 - 0x76988000 C:\WINDOWS\system32\LINKINFO.dll
0x66e50000 - 0x66e90000 C:\WINDOWS\System32\iepeers.dll
0x73000000 - 0x73026000 C:\WINDOWS\System32\WINSPOOL.DRV
0x73300000 - 0x73367000 C:\WINDOWS\System32\vbscript.dll
0x73dd0000 - 0x73ece000 C:\WINDOWS\System32\MFC42.DLL
0x30000000 - 0x30222000 C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
0x6d430000 - 0x6d43a000 C:\WINDOWS\System32\ddrawex.dll
0x73760000 - 0x737a9000 C:\WINDOWS\System32\DDRAW.dll
0x73bc0000 - 0x73bc6000 C:\WINDOWS\System32\DCIMAN32.dll
0x76200000 - 0x76271000 C:\WINDOWS\System32\mshtmled.dll
0x75970000 - 0x75a67000 C:\WINDOWS\system32\MSGINA.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x74320000 - 0x7435d000 C:\WINDOWS\system32\ODBC32.dll
0x05890000 - 0x058a7000 C:\WINDOWS\system32\odbcint.dll
0x74980000 - 0x74ab0000 C:\WINDOWS\System32\msxml3.dll
0x4d4f0000 - 0x4d548000 C:\WINDOWS\system32\WINHTTP.dll
0x71d40000 - 0x71d5c000 C:\WINDOWS\System32\actxprxy.dll
0x06570000 - 0x0666d000 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
0x63660000 - 0x6369f000 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavss.dll
0x69000000 - 0x6900e000 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
0x77690000 - 0x776b1000 C:\WINDOWS\system32\NTMARTA.DLL
0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
0x037a0000 - 0x037e6000 C:\PROGRA~1\MSNMES~1\msgsc.dll
0x75e60000 - 0x75e73000 C:\WINDOWS\system32\cryptnet.dll
0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
0x72b20000 - 0x72b38000 C:\WINDOWS\system32\plugin.ocx
0x66880000 - 0x6688c000 C:\WINDOWS\system32\ImgUtil.dll
0x6cc60000 - 0x6cc6b000 C:\WINDOWS\System32\dispex.dll
0x76820000 - 0x76834000 C:\WINDOWS\system32\hlink.dll
0x5e310000 - 0x5e31c000 C:\WINDOWS\System32\pngfilt.dll
0x01250000 - 0x01260000 C:\WINDOWS\System32\mshtmler.dll
0x6d590000 - 0x6d5a1000 C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
0x5edd0000 - 0x5ede7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6d400000 - 0x6d417000 C:\Program Files\Java\jre1.5.0_05\bin\jpiexp32.dll
0x6d450000 - 0x6d468000 C:\Program Files\Java\jre1.5.0_05\bin\jpishare.dll
0x6d640000 - 0x6d7cc000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\client\jvm.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_05 -Djavaplugin.nodotversion=150_05 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_05 -Djavaplugin.nodotversion=150_05 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>

Environment Variables:
CLASSPATH=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
PATH=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\VDMSound;C:\Program Files\QuickTime\QTSystem\;.
USERNAME=Vegas
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 2

CPU:total 1 family 15, cmov, cx8, fxsr, mmx, sse, sse2, ht

Memory: 4k page, physical 785412k(214520k free), swap 1918896k(1429752k free)

vm_info: Java HotSpot(TM) Client VM (1.5.0_05-b05) for windows-x86, built on Aug 26 2005 15:36:02 by "java_re" with MS VC++ 6.0
tomevans00
Active Member
 
Posts: 12
Joined: October 31st, 2005, 9:34 am
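The HotSpot crash log quoted in the post above, triaged in code. This is an added example, not code from the thread or from Sun's JDK: it extracts the fields an analyst checks first, maps the faulting pc onto the "Dynamic libraries" list, and decodes the faulting instruction to confirm that the address the OS reported is the one the instruction actually dereferenced. `SAMPLE` is an excerpt of the posted log trimmed to the lines the parser reads (two of the library entries are kept as representatives), and the decoder handles only the `8B` (`mov r32, r/m32`) opcode that sits at the faulting pc.

```python
"""Triage a HotSpot hs_err crash log (added example, not from the thread).
Parses the exception line, problematic frame, siginfo, registers, the
'Instructions:' byte dump and the module list, then checks (a) which loaded
image contains pc and (b) that the faulting mov's memory operand equals the
reported fault address."""
import re

SAMPLE = r"""
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0cdcda0c, pid=3852, tid=2224
# Problematic frame:
# j sun.util.PreHashedMap.get(Ljava/lang/Object;)Ljava/lang/Object;+1
siginfo: ExceptionCode=0xc0000005, reading address 0x28283988
EAX=0x28283880, EBX=0x00000000, ECX=0x2b7ddfa8, EDX=0x30800001
0x0cdcda0c: 8b 9c 98 08 01 00 00 8b 53 30 8b c3 ff e2 90 90
Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
0x6d640000 - 0x6d7cc000 C:\PROGRA~1\Java\JRE15~1.0_0\bin\client\jvm.dll
"""

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # ModRM/SIB numbering


def parse_hs_err(text):
    """Pull exception, pc, fault address, registers, instruction bytes, frame and modules."""
    info = {"registers": {}, "bytes": {}, "modules": []}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"#\s*(EXCEPTION_\w+)\s*\((0x[0-9a-f]+)\) at pc=(0x[0-9a-f]+)", line)
        if m:
            info["exception"], info["code"], info["pc"] = m[1], int(m[2], 16), int(m[3], 16)
        if line.startswith("# Problematic frame:"):  # log legend: j=interpreted, J=compiled, V/v=VM, C=native
            info["frame_kind"], info["frame"] = re.match(r"#\s+([jJVvC])\s+(\S+)", lines[i + 1]).groups()
        m = re.match(r"siginfo:.*?(reading|writing) address (0x[0-9a-f]+)", line)
        if m:
            info["access"], info["fault_addr"] = m[1], int(m[2], 16)
        for reg, val in re.findall(r"\b(E[A-Z]{2})=0x([0-9a-f]{8})", line):
            info["registers"][reg] = int(val, 16)
        m = re.match(r"(0x[0-9a-f]+):((?: [0-9a-f]{2})+)$", line)  # one row of the byte dump
        if m:
            for off, b in enumerate(m[2].split()):
                info["bytes"][int(m[1], 16) + off] = int(b, 16)
        m = re.match(r"(0x[0-9a-f]+) - (0x[0-9a-f]+) (.+)", line)  # 'Dynamic libraries:' row
        if m:
            info["modules"].append((int(m[1], 16), int(m[2], 16), m[3]))
    return info


def module_for(addr, modules):
    """Path of the loaded image containing addr, or None if it lies outside every image."""
    for start, end, path in modules:
        if start <= addr < end:
            return path
    return None


def decode_mov_load(code, regs):
    """Decode 'mov r32, r/m32' (opcode 8B) with a memory operand at code[0].
    Returns (destination register, effective address, instruction length)."""
    if code[0] != 0x8B:
        raise ValueError("not opcode 8B (mov r32, r/m32)")
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3:
        raise ValueError("register operand, no memory access")
    pos, base, index, scale = 2, rm, None, 1
    if rm == 4:  # SIB byte follows: scale, index, base
        sib, pos = code[2], 3
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        index = None if index == 4 else index  # index field 100 means no index
    if base == 5 and mod == 0:  # [disp32] with no base register
        base = None
    size = {0: 4 if base is None else 0, 1: 1, 2: 4}[mod]
    disp = int.from_bytes(code[pos:pos + size], "little", signed=True) if size else 0
    ea = disp + (regs[REG32[base]] if base is not None else 0)
    ea += regs[REG32[index]] * scale if index is not None else 0
    return REG32[reg], ea & 0xFFFFFFFF, pos + size


def triage(text):
    """Summarise where pc lives, what faulted, and whether the dump is self-consistent."""
    info = parse_hs_err(text)
    pc, regs = info["pc"], info["registers"]
    code = bytes(info["bytes"][pc + i] for i in range(16) if pc + i in info["bytes"])
    dest, ea, _ = decode_mov_load(code, regs)
    return {
        "exception": info["exception"],
        "frame_kind": info["frame_kind"],
        "frame": info["frame"],
        "pc_module": module_for(pc, info["modules"]),  # None: pc is not inside any loaded image
        "access": info["access"],
        "fault_addr": info["fault_addr"],
        "operand_addr": ea,
        "dest_reg": dest,
        "consistent": ea == info["fault_addr"],
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key:>12}: {val:#010x}" if type(val) is int else f"{key:>12}: {val}")
```

What the result shows for this log: pc `0x0cdcda0c` falls inside none of the listed images, which agrees with the `j` (interpreted) frame, since HotSpot's template interpreter is generated at start-up into the JVM's code cache rather than living in the jvm.dll image. The faulting bytes `8b 9c 98 08 01 00 00` decode to `mov ebx, [eax+ebx*4+0x108]`, and with EAX=0x28283880 and EBX=0 that operand is exactly the `reading address 0x28283988` in siginfo, so the dump is internally consistent. The bytes that follow (`8b 53 30 8b c3 ff e2`: `mov edx,[ebx+0x30]; mov eax,ebx; jmp edx`) jump through the pointer being loaded, which is why a triager verifies the operand rather than assuming a benign bug; nothing in this log establishes a cause, and the thread's advice to report it to Sun is what the evidence supports.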

Unread postby amateur » November 23rd, 2005, 9:48 pm

Hi Tomevans00,

Your log is clean. :D Looks like you didn't empty the recycle bin yet. Please empty the recycle bin now.
The error message you got is related to Sun's Java. You probably won't get it again, but if you continue to have more of those errors, I think you had better contact Java and report the error to them.

Since you've already disabled and enabled system restore as instructed in my last post, please continue with the following simple steps to keep your computer clean and secure. You may already have some of the items:

Remember to hide your system files again.

Start > My Computer > Tools > Folder Options > View
Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Check the Hide file extensions for known file types option.
Click OK.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here. Please remember to "immunize" after each update.
Microsoft Antispyware here
Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Please remember to "enable all protection" after each update.

SpywareGuard here

If you haven't got one already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.
A firewall will prevent unauthorized contact between your computer and the internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall (Will be discontinued as from the end of 2005) here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, e.g. Google Toolbar here: a popup-blocker prevents popup windows from opening when you come across a website that uses them while surfing the internet.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer through Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You cannot uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, e.g. most of the online malware scanners.

But above all, keep all your software UP-TO-DATE at all times!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. ;)
Last edited by amateur on November 24th, 2005, 10:05 am, edited 2 times in total.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
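The six Custom Level changes recommended in the post above, expressed as the registry values Internet Explorer stores for the Internet zone and checked from a .reg export. This is an added example, not from the post or from Microsoft: the action IDs (1001, 1004, 1201, 1800, 1804, 1607), the zone number 3 and the 0/1/3 encoding of Enable/Prompt/Disable are Internet Explorer's documented URL-action values under `Internet Settings\Zones`; `SAMPLE_EXPORT` is a constructed export, not the poster's machine, and `audit_internet_zone` and `hardened_export` are names chosen here.

```python
"""Audit Internet Explorer's Internet-zone (Zones\3) settings against the
hardening values recommended in the thread, from a regedit/'reg export' text
dump. Added example, not from the post."""
import re

# URL-action IDs under Internet Settings\Zones\<n>; value 0=Enable, 1=Prompt, 3=Disable.
RECOMMENDED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe"),
    "1800": (1, "Installation of desktop items"),
    "1804": (1, "Launching programs and files in an IFRAME"),
    "1607": (1, "Navigate sub-frames across different domains"),
}
VALUE_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed export: four values already at the recommended level, two still on Enable.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000000
"""


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg text export."""
    keys, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\[(.+)\]$", line)
        if m:
            current = keys.setdefault(m[1], {})
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m[1]] = int(m[2], 16)
    return keys


def audit_internet_zone(text):
    """List (action id, description, current, recommended) for every setting that is
    weaker than recommended. Enable(0) < Prompt(1) < Disable(3), so a lower number is
    weaker; a value that is absent falls back to the zone template, which this check
    cannot see, so it is reported with current=None."""
    zone = parse_reg_export(text).get(ZONE_KEY, {})
    findings = []
    for action, (want, desc) in RECOMMENDED.items():
        have = zone.get(action)
        if have is None or have < want:
            findings.append((action, desc, VALUE_NAMES.get(have, have), VALUE_NAMES[want]))
    return findings


def hardened_export():
    """A .reg fragment that sets the six values to the recommended levels."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    lines += [f'"{action}"=dword:{value:08x}' for action, (value, _) in RECOMMENDED.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for action, desc, have, want in audit_internet_zone(SAMPLE_EXPORT):
        print(f"{action} {desc}: is {have}, should be {want}")
    print(hardened_export())
```

To run it against a real machine, export the key first (`reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`) and open the file with `encoding="utf-16"`, which is what reg.exe writes. The fragment from `hardened_export()` can be imported with regedit to apply the same six changes the post makes by hand. One caveat: when the `Security_HKLM_only` policy is set, Internet Explorer reads the zone values from the HKEY_LOCAL_MACHINE copy of the key instead, so audit that key in that case.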

Unread postby tomevans00 » November 24th, 2005, 6:54 am

Thank you very much!!

Your time and advice have been very much appreciated.

:o
tomevans00
Active Member
 
Posts: 12
Joined: October 31st, 2005, 9:34 am

Unread postby amateur » November 24th, 2005, 8:23 am

You're welcome. I am glad that we could help. :D
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby NonSuch » December 1st, 2005, 6:04 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California