Tech Support Forum, Resolved HJT Threads (resolved spyware and popup issues)

#41
Registered User
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium
Re: Need help with malware, virus, spyware problem.
Hi, when I extracted it to desktop, it did not create a folder. Only the four things were extracted:
Plugins Folder (contains 1 file, NWMON.SRE)
License.txt
ReleaseNotes2.htm
SREng.EXE
They are all loose, no folder is created to hold them all. To launch SREng.exe I simply double click the icon located on my desktop. So I can put the File Digital Sign Verify Plugin in the plugin folder, but there is no SREng folder in which I can find SRECXTMG.SRE. I hope that makes sense *scratches head*.

#42
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Need help with malware, virus, spyware problem.
I follow you--here you go.
Download the attached .zip folder and extract it to the Plugin folder.
__________________
"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Last edited by Ried : 04-19-2007 at 11:28 PM.

#43
Registered User
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium
Sorry for another question (I feel kind of dumb, eh?) but since you mentioned safe mode above, does that mean I should be in Safe mode when I run CleanUp! and KillBox and so on...? Or am I to stay in Normal Mode? (Once again I've been downloading the files on my clean computer and just transferring them over the network). Thanks!

#44
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Need help with malware, virus, spyware problem.
Nothing to feel 'dumb' about--it's always better to check and make sure when in doubt, especially with the infection you have. It should not be this hard to get rid of, so it is particularly important to carry out the fix as stated as we may be dealing with a new variant and it helps me to plan the next course of action if the fix fails.
Yes, Safe Mode all the way until instructed to reboot to Normal Mode.

#45
Registered User
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium
Re: Need help with malware, virus, spyware problem.
Okay, done. I managed to get through the rest of the steps without anymore confusion. I was kind of mystified when I ran CleanUp! as it freed up 1.7 GB of space on my computer.
I only had to delete iexplorer.exe the one time, it never came back. I'm slightly confused about Mozilla now. You told me to delete the dlplugin.exe, and now every time I load the program I get a pop-up that says: download: executable 'C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\extensions\{c17127b0-af04-11db-abbd-0800200c9a66}\dlplugin.exe' does not exist. Mozilla still opens after I click OK, but it's kind of annoying. Anyhoo, here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:52 PM, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stephanie\My Documents\Downloads\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157425519949
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#46
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Need help with malware, virus, spyware problem.
Hi,
dlplugin.exe was classified as adware and not a legit download plugin from Firefox--we'll get to the bottom of that error message as well.

From Normal Mode: Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click 'Fix Checked' and close HijackThis.
--------------------------------------------------------------------
Reboot and see if you can now reset your homepage.
--------------------------------------------------------------------
I realize these online scans are time consuming, but I'd like to use a different scanner this round: Go here and do the BitDefender online virus scan.
--------------------------------------------------------------------
Download fl.zip
Run a new scan with dss.exe
--------------------------------------------------------------------
Please include the following in your next reply:
BitDefender results
C:\findlop.txt
main.txt
Have you run another full system scan with Kaspersky? Is it still detecting infection?
--------------------------------------------------------------------
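The checks the moderator applies to the HijackThis log in post #46 (an R0 start page the user never chose, an O6 policy entry that locks the Internet Explorer control panel, and an O23 service whose file is missing) can be written down as a small triage script. The following is an added example, not a tool from this thread or from HijackThis; the allowlist of known-good start pages is an assumption, and the sample log lines are copied from the HijackThis log posted in this thread.

```python
"""Triage of HijackThis-style log lines (added example, not code from the thread).

Rules mirror the moderator's review in post #46:
  * R0/R1 start or search page set to something outside an allowlist
  * any O6 entry (an Internet Explorer policy restriction is present)
  * an O23 service entry that ends in "(file missing)"
"""
import re
from dataclasses import dataclass

# Assumption: start pages the user is known to have set themselves.
KNOWN_GOOD_START_PAGES = {"http://www.google.ca/", "about:blank"}

# HijackThis entries look like "O4 - HKLM\..\Run: [Name] C:\path\prog.exe".
ENTRY_RE = re.compile(r"^(?P<sect>[RFOL]\d+)\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body, original line) for every HijackThis entry line.

    Prose and the 'Running processes' block do not match ENTRY_RE and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sect"), m.group("body"), raw.strip()))
    return entries


def triage(log_text):
    """Apply the three rules and return the entries that deserve a closer look."""
    findings = []
    for sect, body, line in parse_entries(log_text):
        if sect in ("R0", "R1") and "=" in body:
            value = body.split("=", 1)[1].strip()
            if value not in KNOWN_GOOD_START_PAGES:
                findings.append(Finding(sect, f"start/search page set to {value}", line))
        elif sect == "O6":
            findings.append(Finding(sect, "Internet Explorer policy restriction present", line))
        elif sect == "O23" and "(file missing)" in body:
            findings.append(Finding(sect, "service points at a missing file", line))
    return findings


# Sample input: lines taken from the log posted in this thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports the R0, O6 and O23 lines and stays silent on the benign O2 and O4 entries; feeding it the later log from this thread, where the start page is back to google.ca, clears the R0 finding. The allowlist is the part a practitioner adjusts per machine.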

#47
Registered User
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium
Re: Need help with malware, virus, spyware problem.
Hi, okay, done it all. My computer must be cleaner as I can do more and more on it now. I am pretty sure there is still some "guck" on it, though. After I ran Bitdefender, the only option to save the report was in HTML, so I've attached the report to this message. I'm going to run a scan with Kaspersky now, but I thought I'd post these results first. Thanks for your ongoing help!
Findlop.txt

Volume in drive C has no label.
Volume Serial Number is 0070-0D63

Directory of C:\Documents and Settings\All Users\Application Data

22/02/2007 02:48 PM <DIR> Adobe
22/02/2007 02:50 PM <DIR> Adobe Systems
22/02/2007 12:25 PM <DIR> Apple Computer
06/09/2006 09:41 PM <DIR> CyberLink
06/09/2006 01:02 PM <DIR> DVD Shrink
06/09/2006 09:52 AM <DIR> Fellowes
06/09/2006 09:46 AM <DIR> HP
06/09/2006 09:47 AM 733 hpzinstall.log
27/03/2007 06:02 AM <DIR> Kaspersky Lab
06/09/2006 09:45 AM <DIR> Sonic
04/09/2006 10:54 PM <DIR> Spybot - Search & Destroy
22/02/2007 10:00 PM <DIR> Windows Genuine Advantage
1 File(s) 733 bytes
11 Dir(s) 8,575,410,176 bytes free

Volume in drive C has no label.
Volume Serial Number is 0070-0D63

Directory of C:\Documents and Settings\Stephanie\Application Data

22/02/2007 03:04 PM <DIR> Adobe
22/02/2007 01:07 PM <DIR> AdobeUM
21/02/2007 02:04 PM <DIR> Ahead
04/09/2006 11:13 PM <DIR> Apple Computer
10/09/2006 11:29 AM <DIR> CyberLink
23/02/2007 04:32 AM <DIR> DivX
06/09/2006 01:08 PM 81,920 ezpinst.exe
21/10/2006 05:26 PM 5,776 GdiplusUpgrade_MSIApproach_Wrapper.log
15/12/2006 03:08 AM <DIR> Help
21/10/2006 05:41 PM 0 HelpFilesUpdatePatch_HELPFILEREPLACE.log
21/10/2006 05:41 PM 363 HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
06/09/2006 10:42 PM <DIR> HP
21/10/2006 05:51 PM 2,154 HPSU_48BitScanUpdate.log
04/09/2006 08:33 PM <DIR> Identities
06/09/2006 08:35 AM <DIR> Macromedia
04/09/2006 10:55 PM <DIR> Mozilla
22/02/2007 12:34 PM <DIR> OfficeUpdate12
14/03/2007 01:17 AM <DIR> Opera
21/10/2006 05:32 PM 2,491 PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
21/10/2006 05:30 PM 2,936 PatchUpdate_InstantShareJPG.log
21/10/2006 05:29 PM 3,750 PatchUpdate_IZClosingDiscError.log
06/09/2006 01:08 PM 7,176 pcouffin.cat
06/09/2006 01:08 PM 1,144 pcouffin.inf
06/09/2006 01:09 PM 34 pcouffin.log
06/09/2006 01:08 PM 47,360 pcouffin.sys
13/10/2006 02:45 AM <DIR> Sun
04/09/2006 10:55 PM <DIR> Talkback
21/10/2006 05:14 PM 38,825 Update_HP_RedboxHprblog_HPSU.log
26/03/2007 09:08 PM <DIR> uTorrent
23/03/2007 10:13 AM <DIR> vlc
06/09/2006 01:09 PM <DIR> Vso
13 File(s) 193,929 bytes
18 Dir(s) 8,575,397,888 bytes free

Volume in drive C has no label.
Volume Serial Number is 0070-0D63

Directory of C:\Documents and Settings\Default User\Application Data

04/09/2006 03:04 PM <DIR> .
04/09/2006 03:04 PM <DIR> ..
04/09/2006 03:04 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 8,575,397,888 bytes free

Volume in drive C has no label.
Volume Serial Number is 0070-0D63

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 0070-0D63

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/20/2007 21:17:00
NextRun: 03/27/2007 21:17:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 03/07/2007
EndDate: 00/00/0000
StartTime: 21:17
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

DSS.exe Main.txt

Deckard's System Scanner v20070318.32
Run by Stephanie on 2007-03-27 at 08:51:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Stephanie.exe) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:51:36 AM, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Stephanie\Desktop\dss.exe
C:\DOCUME~1\STEPHA~1\MYDOCU~1\DOWNLO~1\STEPHA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157425519949
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

-- Files created between 2007-02-27 and 2007-03-27 -----------------------------

2007-03-27 06:03:56 0 d-------- C:\WINDOWS\BDOSCAN8
2007-03-27 06:03:50 0 d-------- C:\WINDOWS\LastGood
2007-03-26 14:30:52 0 d-------- C:\!KillBox
2007-03-25 18:37:54 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-23 10:13:42 0 d-------- C:\Documents and Settings\Stephanie\Application Data\vlc
2007-03-23 10:09:28 0 d-------- C:\Program Files\VideoLAN
2007-03-22 13:02:08 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-03-22 13:02:08 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-03-22 13:01:36 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-03-22 13:01:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-03-22 13:01:33 24352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-22 13:01:33 2084128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-22 13:00:24 0 d-------- C:\kav
2007-03-22 12:39:19 0 d-------- C:\avenger
2007-03-22 09:52:23 0 d-------- C:\WINDOWS\CSC
2007-03-22 09:46:20 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-19 03:52:43 0 d-------- C:\WINDOWS\pss
2007-03-19 02:11:46 0 d-------- C:\Documents and Settings\Stephanie\.housecall6.6<HOUSEC~1.6>
2007-03-14 01:17:12 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Opera
2007-03-08 18:05:08 0 d--h----- C:\WINDOWS\system32\GroupPolicy<GROUPP~1>
2007-03-07 02:41:42 0 d-------- C:\Program Files\iTunes
2007-03-07 02:38:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1>

-- Find3M Report ---------------------------------------------------------------

2007-03-26 21:08:03 0 d-------- C:\Documents and Settings\Stephanie\Application Data\uTorrent
2007-03-07 02:42:07 0 d-------- C:\Program Files\iPod
2007-03-07 02:34:32 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-01 04:12:36 0 d-------- C:\Program Files\DC++<DC__~1>
2007-02-23 21:02:18 0 d---s---- C:\Documents and Settings\Stephanie\Application Data\Microsoft<MICROS~1>
2007-02-23 04:32:39 0 d-------- C:\Documents and Settings\Stephanie\Application Data\DivX
2007-02-22 21:02:56 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-22 15:53:07 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-22 15:52:49 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-22 15:04:29 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Adobe
2007-02-22 14:57:06 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-22 14:50:22 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-22 14:30:02 0 d-------- C:\Program Files\PowerISO
2007-02-22 13:07:08 0 d-------- C:\Documents and Settings\Stephanie\Application Data\AdobeUM
2007-02-22 12:34:47 0 d-------- C:\Documents and Settings\Stephanie\Application Data\OfficeUpdate12<OFFICE~1>
2007-02-22 12:11:58 0 d-------- C:\Program Files\DivX
2007-02-21 16:00:26 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-21 14:04:02 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Ahead
2007-01-31 23:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-31 23:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-31 23:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-31 23:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 16:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-30 18:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 00:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 00:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 00:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 00:03:34 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-30 00:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 00:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-29 23:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-29 23:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 23:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-29 23:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-29 23:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-29 23:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-29 23:04:00 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-01-17 10:43:35 16 --a------ C:\WINDOWS\popcinfo.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-03-27 at 08:53:30 ---------

#48
Registered User
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium
Re: Need help with malware, virus, spyware problem.
Hi, I finished the Kaspersky scan and it has still found infections on my system:
Scan My Computer
----------------
Scanned: 280992
Detected: 14
Untreated: 14
Start time: 27/03/2007 9:00:49 AM
Duration: 01:35:44
Finish time: 27/03/2007 10:36:33 AM

Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Downloader.Win32.Small.buy File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\104[1].net.bac_a04028//CryptFF.b//stream//data0002//UPX
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\104[1].net.bac_a04028//CryptFF.b//stream//data0004
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\131[1].net.bac_a03600//CryptFF.b//stream//data0002
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\131[1].net.bac_a03600//CryptFF.b//stream//data0004
detected: adware not-a-virus:AdWare.Win32.DelphinMediaViewer.c File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\appsetup[1].exe.bac_a03600//CryptFF.b
detected: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\asappsrv.dll.bac_a04028//CryptFF.b//UPX
detected: adware not-a-virus:AdWare.Win32.Softomate.u File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\b131.exe.bac_a03600//CryptFF.b
detected: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\command.exe.bac_a04028//CryptFF.b//UPX
detected: adware not-a-virus:AdWare.Win32.DelphinMediaViewer.f File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\nfom.dll.bac_a00268//CryptFF.b
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\Documents and Settings\Stephanie\Desktop\requested-files[2007-03-21_13_43].cab
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\Documents and Settings\Stephanie\Desktop\requested-files[2007-03-21_13_43].cab/C:\WINDOWS\iexplorer.exe//RLPack
detected: adware not-a-virus:AdWare.Win32.Softomate.al File: C:\RECYCLER\S-1-5-18\Dc1\Update.exe
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\RECYCLER\S-1-5-21-2000478354-492894223-854245398-1003\Dc7.cab/C:\WINDOWS\iexplorer.exe//RLPack
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\RECYCLER\S-1-5-21-2000478354-492894223-854245398-1003\Dc7.cab

Statistics
----------
Object - Scanned - Detected - Untreated - Deleted - Moved to Quarantine - Archives - Packed files - Password protected - Corrupted
All objects 280992 - 14 - 14 - 0 - 0 - 3185 - 674 - 38 - 1
System memory 1817 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0
Startup objects 2193 - 0 - 0 - 0 - 0 - 10 - 35 - 0 - 0
Mail databases 2490 - 0 - 0 - 0 - 0 - 873 - 343 - 0 - 0
All hard drives 274492 - 14 - 14 - 0 - 0 - 2302 - 296 - 38 - 1
All removable drives 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0

Settings
--------
Parameter - Value
Security Level - Recommended
Action Prompt for action when the scan is complete
Run mode - Manually
File types - Scan all files
Scan only new and changed files No
Scan archives - All
Scan embedded OLE objects - All
Skip if object is larger than - No
Skip if scan takes longer than - No
Parse email formats - No
Scan password-protected archives - No
Enable iChecker technology - Yes
Enable iSwift technology - Yes
Show detected threats on "Detected" tab - Yes

#49
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Need help with malware, virus, spyware problem.
No worries there--Kaspersky is only detecting items already safely quarantined, in your recycle bin and the cab file you created to submit files for analysis. You can delete those:
I don't see the attached BitDefender report--could you please try again to attach it?
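The reasoning in post #49, that every remaining Kaspersky hit sits inside a quarantine folder, the recycle bin, or the .cab the user built to submit samples, can be checked mechanically rather than by eye. The following is an added example, not code from this thread or from Kaspersky: the record shape it parses ("detected: ... File: ...") follows the report posted above, the first five sample records are copied from that report, and the last record (a live copy of iexplorer.exe outside any container) is constructed to show the one category that would still need attention.

```python
"""Sort antivirus detections by where the flagged object sits (added example,
not code from the thread).  Anything inside a quarantine folder, the recycle
bin, or an archive the user built for submission is already contained; only
"live" objects need fresh remediation.
"""
import re
from collections import Counter

# One record per "detected: <description> File: <path>"; records may be newline-
# or space-separated, so the path runs until the next "detected:" or end of text.
RECORD_RE = re.compile(
    r"detected:\s+(?P<desc>.+?)\s+File:\s+(?P<path>.+?)(?=\s+detected:|\s*\Z)",
    re.S,
)


def parse_detections(report_text):
    """Return (description, path) pairs in report order."""
    return [(m.group("desc"), m.group("path").strip())
            for m in RECORD_RE.finditer(report_text)]


def container_of(path):
    """Outermost on-disk object.

    Scanners append nested-object suffixes such as '//UPX' (a packer layer) or
    '/C:\\WINDOWS\\x.exe' (a member inside an archive); the file that actually
    exists on disk is everything before the first such suffix.
    """
    return re.split(r"//|/[A-Za-z]:\\", path)[0]


def classify(path):
    """Bucket a detection by the location of its on-disk container."""
    low = container_of(path).lower()
    if "\\quarantine\\" in low:
        return "quarantined"            # another scanner already isolated it
    if re.match(r"^[a-z]:\\recycler\\", low):
        return "recycle bin"            # deleted, awaiting emptying
    if low.endswith(".cab"):
        return "archive"                # e.g. the cab built to submit samples
    return "live"                       # still in place: needs attention


def summarize(report_text):
    """Count detections per bucket; a non-zero 'live' count is the signal to act on."""
    return dict(Counter(classify(p) for _, p in parse_detections(report_text)))


# Sample input: first five records copied from the report in this thread, the last
# one constructed (a hypothetical live file) so every bucket is exercised.
SAMPLE_REPORT = r"""
Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Downloader.Win32.Small.buy File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\104[1].net.bac_a04028//CryptFF.b//stream//data0002//UPX
detected: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\Documents and Settings\Stephanie\.housecall6.6\Quarantine\command.exe.bac_a04028//CryptFF.b//UPX
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\Documents and Settings\Stephanie\Desktop\requested-files[2007-03-21_13_43].cab/C:\WINDOWS\iexplorer.exe//RLPack
detected: adware not-a-virus:AdWare.Win32.Softomate.al File: C:\RECYCLER\S-1-5-18\Dc1\Update.exe
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\RECYCLER\S-1-5-21-2000478354-492894223-854245398-1003\Dc7.cab
detected: Trojan program Trojan-Spy.Win32.VB.qq File: C:\WINDOWS\iexplorer.exe
"""

if __name__ == "__main__":
    for desc, path in parse_detections(SAMPLE_REPORT):
        print(f"{classify(path):12s} {desc}  <-  {container_of(path)}")
    print(summarize(SAMPLE_REPORT))
```

The order of the checks matters: a .cab sitting in the recycle bin is reported as "recycle bin", not "archive", because the outer location decides whether the object is already out of the way. On the full report from post #48 the summary would show only the three contained buckets and no "live" entries, which is exactly the moderator's conclusion.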

#50
Registered User
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium
Re: Need help with malware, virus, spyware problem.
Oh, bugger *smacks forehead* what a moron eh? Here ya go.
**I've put it in a Word .doc file as I can't upload .html files. I'd make it a .txt document, but then it's all tags and very hard to read. Thanks!

#51
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Need help with malware, virus, spyware problem.
It's ok--and thanks for the considerate format of the BitDefender log. BitDefender detected the same entries as Kaspersky--nothing new. These logs are coming up clean. How is your system behaving now?