Disabled by administrator?

Clownage · 10-29-2006, 10:54 PM

I've got quite a problem on my hands. I've always thought myself to be at least sort of proficient with computers. However i'm stumped.

My computer has been acting up a bit lately. Slowly getting worse. My virus scans come up clean etc...

Until This week. I can't open Command prompt, Task manager or use system restore(Yes, I've tried in safe mode) I get a message telling me that these services have been disabled by the administrator. I'm the only one who uses this computer...

So i'm totally stumped. I REALLY don't want to have to go through another reformat. I've just got everything back to how i like it :(

Any help at all would be greatly appreciated.

EDIT: Sorry read around a bit... heres my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:59:23 AM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

tetonbob · 10-31-2006, 11:49 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

This may take a few steps...do not confuse lack of symptoms with a clean system.

Download and save it to your desktop - SDFix - http://downloads.andymanchesta.com/R...ools/SDFix.zip

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file
Report.txt back onto the forum with a new HijackThis log

Clownage · 10-31-2006, 12:27 PM

Command prompt has been disabled by the administrator.

Got that when i tried in safe mode.

EDIT: I also tried using Enable_command_prompt and got an error saying registry editting has been disabled by the administrator.

tetonbob · 10-31-2006, 03:26 PM

We'll try this another way...

Before you do anything else, create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Download combofix from one of these locations:
- http://www.techsupportforum.com/sectools/combofix.exe
- http://download.bleepingcomputer.com/sUBs/combofix.exe
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Download- bfu.zip
Extract the file to it's own folder, such as C:\BFU
Checkmark the following boxes:
- Use settings specified in script for the above option
- Show log after script ends
Click the Web button located on the top right corner
Copy/Paste this url into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu
Execute the script by clicking the Execute button.
When it finishes running, click the Save button for a copy of the log
Post the log created by the script when you have completed the fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Close HijackThis now.

---------------------------------------------------------------------------------------------

Delete this file:

C:\WINDOWS\system32\scvhost.exe<<<note the spelling! This is NOT the legit MS file, svchost.exe!!

See if SDFix will run now, and follow the instructions from the last post.

In any case, restart in normal mode.

Let me know how that all goes.

Return with results from:

ComboFix
SDFix (if possible)
A fresh HJT log.

Clownage · 11-01-2006, 12:29 PM

Notes: Combofix wouldn't launch at first. Or after the changes.
Bruteforce ran and said it removed several files. However the log shows otherwise.
In safemode While using Hijack this i found and removed all of the files you named.
Also i couldn't find the scvhost in my system32 folder.
I'm also getting errors now about not being able to open scvhost.exe. assuming this is a good thing and the spyware is just flipping out.

Last but not least. As of running bruteforce a file appeared in my C:\ Called Bintheredunthat

Logfile of HijackThis v1.99.1
Scan saved at 2:24:04 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Nick\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-----------------------------------------------

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 2:08:09 PM, on 11/1/2006

Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\Cookies (operation failed)
Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\History (operation failed)
Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\hsperfdata_Nick (operation failed)
Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\Perflib_Perfdata_988.dat (operation failed)
Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\Temporary Internet Files (operation failed)
Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DF8204.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFDF4D.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFDF52.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFF476.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFF47C.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.

tetonbob · 11-01-2006, 07:58 PM

C:\ Called Bintheredunthat is a quarantine folder for the BFU. The log produced is more for me, to show it did run. What you see is normal.

Combo still won't run? Nor SDFix?

Try running ComboFix in safe mode, after fixing these items with HJT:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe

Does Regedit open now? Can you open a command prompt?

Clownage · 11-01-2006, 10:50 PM

I removed the mentioned files. Booted into safe mode ands till couldn't get into regedit or cmd. so none of the other programs worked.

I booted back to normal windows and Regedit now worked O.o. So i ran Enable_command_prompt Found in the SDfix folder. Heres My progress now:

Nick - 06-11-02 0:46:43.33 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Nick\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-02 to 2006-11-02 ))))))))))))))))))))))))))))))))))

2006-10-28 01:33 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-10-28 01:33 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-22 18:18 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2006-10-15 22:34 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-10-15 22:34 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-10-15 22:34 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-10-15 22:34 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-10-15 22:34 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-10-15 22:34 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-15 22:34 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-10-15 22:34 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-10-15 22:34 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-10-15 22:34 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-10-15 22:34 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-10-15 22:34 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-10-15 22:34 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-15 22:34 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-10-15 22:34 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-15 22:34 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-10-15 22:34 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-10-15 22:34 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-10-15 22:34 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2006-10-15 22:34 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-15 22:34 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2006-10-13 00:21 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-10 19:40 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-10-10 19:40 190 --a------ C:\WINDOWS\system32\del32.bat
2006-10-10 19:40 163,328 --a------ C:\WINDOWS\system32\wsock32.sys
2006-10-02 19:01 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2006-10-02 19:01 20,480 --a------ C:\WINDOWS\system32\wbload.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-02 00:36 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-01 18:41 -------- d-------- C:\Program Files\WhatPulse
2006-10-31 10:14 -------- d-------- C:\Documents and Settings\Nick\Application Data\uTorrent
2006-10-28 01:34 -------- d-------- C:\Program Files\Game Cam v1.4
2006-10-22 18:18 -------- d-------- C:\Program Files\EA GAMES
2006-10-20 22:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-20 22:07 -------- d-------- C:\Program Files\Electronic Arts
2006-10-20 19:41 -------- d-------- C:\Program Files\Steam
2006-10-19 11:27 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 1
2006-10-19 11:24 -------- d-------- C:\Program Files\Apple Software Update
2006-10-17 13:33 -------- d---s---- C:\Documents and Settings\Nick\Application Data\Microsoft
2006-10-15 22:34 -------- d-------- C:\Program Files\Logitech
2006-10-15 22:34 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-15 22:34 -------- d-------- C:\Program Files\Common Files
2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft Works
2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft Office
2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-13 00:20 -------- d-------- C:\Program Files\Common Files\System
2006-10-13 00:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-13 00:20 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-04 13:51 -------- d-------- C:\Program Files\iTunes
2006-10-04 13:51 -------- d-------- C:\Program Files\iPod
2006-10-04 13:50 -------- d-------- C:\Program Files\QuickTime
2006-10-02 19:01 -------- d-------- C:\Program Files\Stardock
2006-09-28 12:21 -------- d-------- C:\Program Files\Super DVD Ripper
2006-09-28 12:11 4 --a------ C:\WINDOWS\system32\micr0st.dll
2006-09-28 12:09 -------- d-------- C:\Program Files\Flash DVD Ripper
2006-09-28 01:13 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-28 01:10 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-27 15:05 -------- d-------- C:\Program Files\America's Army Server Manager
2006-09-27 15:05 -------- d-------- C:\Program Files\America's Army
2006-09-26 12:37 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-26 12:35 -------- d-------- C:\Program Files\ASUS
2006-09-24 01:36 -------- d-------- C:\Program Files\Triad Interactive
2006-09-24 01:36 -------- d-------- C:\Program Files\SimNet 2003 Seneca
2006-09-22 17:43 -------- d-------- C:\Program Files\Sierra
2006-09-21 17:42 -------- dr-h----- C:\Documents and Settings\Nick\Application Data\SecuROM
2006-09-20 02:40 -------- d-------- C:\Program Files\Winamp
2006-09-19 23:23 -------- d-------- C:\Program Files\Windows Media Player
2006-09-18 17:20 -------- d-------- C:\Documents and Settings\Nick\Application Data\Apple Computer
2006-09-13 01:45 -------- d-------- C:\Program Files\1964
2006-09-13 01:40 -------- d-------- C:\Program Files\Project64 1.6
2006-09-12 16:40 -------- d-------- C:\Program Files\Codemasters
2006-09-09 17:45 -------- d-------- C:\Program Files\Zone.com Deluxe Games
2006-09-08 01:46 -------- d-------- C:\Program Files\Warcraft III
2006-09-05 23:25 -------- d-------- C:\Program Files\CCleaner
2006-09-05 11:50 -------- d-------- C:\Program Files\MSN Messenger
2006-08-14 18:45 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-08-14 18:45 139264 --a------ C:\WINDOWS\War3Unin.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

SDFix: Version 1.34
-------------------

Scan run on:
Thu 11/02/2006

Time:
12:53 AM

Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Nick\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----

Path:
----

Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINDOWS\system32\ckl009.dat
C:\WINDOWS\system32\wsock32.sys

Backing Up and Removing any Files Found...

Final Check:

Services:
---------

Files:
------

Any files removed are saved to the SDFix\backups Folder

FINISHED

Logfile of HijackThis v1.99.1
Scan saved at 12:58:49 AM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Nick\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

tetonbob · 11-02-2006, 12:12 AM

Good job, Clownage.

Now, you say you're proficient, and your last actions prove that out to me...but you're running an unprotected system...No Anti-Virus or Firewall (other than XPs, which does not alert you to outbond traffic).

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Please download and install this excellent and FREE anti-virus program:

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.

Please remember to register for your Activation Code using a legitimate email address.
Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds.
When done, launch Active Virus Shield's main window.
Click the Scan button on the left, and then click Detected.
In the ensuing window, click the Save As button to save a copy of the log.
Copy and paste that log in your next reply.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

I'd like you to perform this thorough cleaning now that we've gotten the obvious problems out of the way....

Download AVG Anti-Spyware

Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware

You will need to update AVG Anti-Spyware to the latest definition files.

On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan using Internet Explorer at Free Online Virus Scanner and File Scanner - Kaspersky Lab Antivirus Software

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Please return with results from:

Active Virus Scan
AVG Anti-Spyware
Kaspersky
A Fresh HJT log

How is your system behaving now, please?

Clownage · 11-02-2006, 01:27 PM

Yeah it's more of a lack of knowledge when it comes to my spyware software. I've used nortons in the past, but that program is like throwing your computer down the stairs.

Kapersky Wouldn't run, i'd hit "Ok" and it would just freeze.

Protection
----------
Total scanned: 237253
Detected: 4
Untreated: 0
Start time: 11/2/2006 9:40:03 AM
Duration: 03:20:05

Detected
--------
Status Object
------ ------
deleted: Trojan program Backdoor.Win32.Ciadoor.13 File: C:\Documents and Settings\Nick\Desktop\SDFix\backups\backups.zip\backups/wsock32.sys
deleted: Trojan program Backdoor.Win32.Bifrose.sz File: C:\Documents and Settings\Nick\My Documents\Downloads\Fraps_+_crack.rar\crack\crack.exe/data0000.cab\STEAMP~1.EXE
deleted: Trojan program Backdoor.Win32.Bifrose.sz File: C:\Documents and Settings\Nick\My Documents\Downloads\Fraps_+_crack.rar\Fraps_install.exe
deleted: Trojan program Backdoor.Win32.Bifrose.sz File: C:\WINDOWS\system32\BjO926m9hj.ini

Events
------
Time Event
---- -----
11/2/2006 9:34:59 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
11/2/2006 9:40:01 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
11/2/2006 9:40:50 AM Process (PID 828) tried to access Active Virus Shield process (PID 1716), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
11/2/2006 9:41:04 AM Please restart your computer to complete the installation of new or updated protection components.
11/2/2006 9:41:17 AM Update completed successfully.
11/2/2006 9:53:53 AM File C:\Documents and Settings\Nick\Desktop\SDFix\backups\backups.zip\backups/wsock32.sys: detected Trojan program Backdoor.Win32.Ciadoor.13
11/2/2006 9:53:54 AM Security threats have been detected. You are advised to neutralize them immediately.
11/2/2006 9:53:54 AM File C:\Documents and Settings\Nick\Desktop\SDFix\backups\backups.zip\backups/wsock32.sys: is not disinfected, postponed
11/2/2006 9:54:47 AM File C:\Documents and Settings\Nick\My Documents\Downloads\Fraps_+_crack.rar\crack\crack.exe/data0000.cab\STEAMP~1.EXE: detected Trojan program Backdoor.Win32.Bifrose.sz
11/2/2006 9:54:47 AM File C:\Documents and Settings\Nick\My Documents\Downloads\Fraps_+_crack.rar\crack\crack.exe/data0000.cab\STEAMP~1.EXE: is not disinfected, postponed
11/2/2006 9:54:47 AM File C:\Documents and Settings\Nick\My Documents\Downloads\Fraps_+_crack.rar\Fraps_install.exe: detected Trojan program Backdoor.Win32.Bifrose.sz
11/2/2006 11:47:47 AM Update completed successfully.
11/2/2006 12:30:03 PM File C:\WINDOWS\system32\BjO926m9hj.ini: detected Trojan program Backdoor.Win32.Bifrose.sz
11/2/2006 12:30:03 PM File C:\WINDOWS\system32\BjO926m9hj.ini: is not disinfected, postponed
11/2/2006 12:59:12 PM File c:\documents and settings\nick\desktop\sdfix\backups\backups.zip\backups/wsock32.sys: detected Trojan program Backdoor.Win32.Ciadoor.13
11/2/2006 12:59:29 PM File c:\documents and settings\nick\desktop\sdfix\backups\backups.zip\backups/wsock32.sys: deleted
11/2/2006 12:59:30 PM File c:\documents and settings\nick\my documents\downloads\fraps_+_crack.rar\crack\crack.exe/data0000.cab\STEAMP~1.EXE: detected Trojan program Backdoor.Win32.Bifrose.sz
11/2/2006 12:59:38 PM File c:\documents and settings\nick\my documents\downloads\fraps_+_crack.rar\crack\crack.exe: deleted
11/2/2006 12:59:38 PM File c:\documents and settings\nick\my documents\downloads\fraps_+_crack.rar\Fraps_install.exe: detected Trojan program Backdoor.Win32.Bifrose.sz
11/2/2006 12:59:40 PM File c:\documents and settings\nick\my documents\downloads\fraps_+_crack.rar\Fraps_install.exe: deleted
11/2/2006 12:59:41 PM File c:\windows\system32\bjo926m9hj.ini: detected Trojan program Backdoor.Win32.Bifrose.sz
11/2/2006 12:59:45 PM File c:\windows\system32\bjo926m9hj.ini: deleted

Reports
-------
Task Status Start Finish Size
---- ------ ----- ------ ----
File Anti-Virus running 11/2/2006 9:40:03 AM 724.6 KB
Mail Anti-Virus running 11/2/2006 9:40:03 AM 0 bytes
Update completed 11/2/2006 9:40:03 AM 11/2/2006 9:41:17 AM 86.3 KB
Scan My Computer completed 11/2/2006 9:45:39 AM 11/2/2006 1:04:24 PM 44.6 MB
Scan Startup Objects completed 11/2/2006 9:45:44 AM 11/2/2006 9:47:54 AM 686.5 KB
Update completed 11/2/2006 11:46:05 AM 11/2/2006 11:47:46 AM 10.5 KB

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Backdoor.Win32.Bifrose.sz c:\documents and settings\nick\my documents\downloads\fraps_+_crack.rar 2.4 MB
Infected: Trojan program Backdoor.Win32.Ciadoor.13 c:\documents and settings\nick\desktop\sdfix\backups\backups.zip 241.7 KB
Infected: Trojan program Backdoor.Win32.Bifrose.sz c:\windows\system32\bjo926m9hj.ini 1.2 MB

+ Created at: 3:23:19 PM 11/2/2006

+ Scan result:

C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe -> Adware.Wildtangent : Cleaned.
C:\WINDOWS\wt\updater\wcmdmgr.exe -> Adware.Wildtangent : Cleaned.
:mozilla.56:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.313:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.327:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.145:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.150:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.151:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.285:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.193:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.130:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.131:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.132:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.133:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.134:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.190:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.191:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.192:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.24:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.169:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.170:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.171:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.172:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.174:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.175:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.176:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.177:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.178:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.179:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.233:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.234:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.235:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.86:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.89:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.90:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.96:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.97:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.98:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.296:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.297:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.93:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.94:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.95:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.99:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.303:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.304:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.305:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.306:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.307:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.308:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.230:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.231:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.232:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.237:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.239:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.241:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.242:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.243:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.244:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.245:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.246:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.247:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.248:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.249:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.250:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.251:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.252:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.253:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.254:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.255:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.256:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.257:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.258:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.259:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.260:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.261:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.262:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.263:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.264:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.265:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.266:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.290:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.293:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.182:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.183:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.184:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.373:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.135:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.136:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.137:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.138:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.336:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.16:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.200:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.202:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.206:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 3:27:19 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Nick\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

tetonbob · 11-02-2006, 07:46 PM

I'd like to get one online scan in, but your system appears to be in good shape from my perspective. How is it behaving now?

If possible, run this online scan:

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report here.

Clownage · 11-02-2006, 11:33 PM

It's still a bit sloppy but that could just be the extra stuff on my comp running. Definite improvement though.

Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix\apps\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix\apps\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix.zip[SDFix/apps/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix.zip[SDFix/apps/swsc.exe]

tetonbob · 11-03-2006, 07:50 AM

Nothing but cookies and files placed on the system by tools we used. Base issues seems resolved.

Clear your Firefox cookies. From the open browser, go toTools>Options>Privacy>Cookies>Clear

Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies.

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Download IE-SpyAD - Extract the contents to a new folder
  From within the folder, double-click install.bat
  Select Option #2 - Install the new IE-SPYAD list.
  Then return to the main menu.
  Select option #4 - Add the old porn sites domain
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

10-29-2006, 10:54 PM	#1 (permalink)
Clownage Registered User Join Date: Oct 2006 Posts: 6 OS: XP	Disabled by administrator? I've got quite a problem on my hands. I've always thought myself to be at least sort of proficient with computers. However i'm stumped. My computer has been acting up a bit lately. Slowly getting worse. My virus scans come up clean etc... Until This week. I can't open Command prompt, Task manager or use system restore(Yes, I've tried in safe mode) I get a message telling me that these services have been disabled by the administrator. I'm the only one who uses this computer... So i'm totally stumped. I REALLY don't want to have to go through another reformat. I've just got everything back to how i like it :( Any help at all would be greatly appreciated. EDIT: Sorry read around a bit... heres my hijackthis log. Logfile of HijackThis v1.99.1 Scan saved at 12:59:23 AM, on 10/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Nick\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Last edited by Clownage; 10-29-2006 at 11:00 PM.

10-31-2006, 11:49 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,543 OS: 2000 Pro; XP Pro; XP Home	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- This may take a few steps...do not confuse lack of symptoms with a clean system. Download and save it to your desktop - SDFix - http://downloads.andymanchesta.com/R...ools/SDFix.zip Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. In Safe Mode, right click the SDFix.zip folder and choose Extract All, Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-31-2006, 12:27 PM	#3 (permalink)
Clownage Registered User Join Date: Oct 2006 Posts: 6 OS: XP	Command prompt has been disabled by the administrator. Got that when i tried in safe mode. EDIT: I also tried using Enable_command_prompt and got an error saying registry editting has been disabled by the administrator. Last edited by Clownage; 10-31-2006 at 12:37 PM.

10-31-2006, 03:26 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,543 OS: 2000 Pro; XP Pro; XP Home	We'll try this another way... Before you do anything else, create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted. Download combofix from one of these locations: http://www.techsupportforum.com/sectools/combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall --------------------------------------------------------------------------------------------- Download- bfu.zip Extract the file to it's own folder, such as C:\BFU Checkmark the following boxes: Use settings specified in script for the above option Show log after script ends Click the Web button located on the top right corner Copy/Paste this url into the address bar of the Download script window: http://metallica.geekstogo.com/alcanshorty.bfu Execute the script by clicking the Execute button. When it finishes running, click the Save button for a copy of the log Post the log created by the script when you have completed the fix Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 Close HijackThis now. --------------------------------------------------------------------------------------------- Delete this file: C:\WINDOWS\system32\scvhost.exe<<<note the spelling! This is NOT the legit MS file, svchost.exe!! See if SDFix will run now, and follow the instructions from the last post. In any case, restart in normal mode. Let me know how that all goes. Return with results from: ComboFix SDFix (if possible) A fresh HJT log. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-01-2006, 07:58 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,543 OS: 2000 Pro; XP Pro; XP Home	C:\ Called Bintheredunthat is a quarantine folder for the BFU. The log produced is more for me, to show it did run. What you see is normal. Combo still won't run? Nor SDFix? Try running ComboFix in safe mode, after fixing these items with HJT: F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe Does Regedit open now? Can you open a command prompt? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-01-2006, 12:29 PM	#5 (permalink)
Clownage Registered User Join Date: Oct 2006 Posts: 6 OS: XP	Notes: Combofix wouldn't launch at first. Or after the changes. Bruteforce ran and said it removed several files. However the log shows otherwise. In safemode While using Hijack this i found and removed all of the files you named. Also i couldn't find the scvhost in my system32 folder. I'm also getting errors now about not being able to open scvhost.exe. assuming this is a good thing and the spyware is just flipping out. Last but not least. As of running bruteforce a file appeared in my C:\ Called Bintheredunthat Logfile of HijackThis v1.99.1 Scan saved at 2:24:04 PM, on 11/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\ManifestEngine.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Nick\Desktop\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe ----------------------------------------------- BFU v1.00.9 Windows XP SP2 (WinNT 5.01.2600 SP2) Script started at 2:08:09 PM, on 11/1/2006 Failed: DllUnregister C:\WINDOWS\DH.dll\|1 (file not found) Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll\|1 (file not found) Failed: DllUnregister \asappsrv.dll\|1 (file not found) Failed: DllUnregister \MyToolBar.dll (file not found) Failed: ServiceStop Network Monitor (service not found) Failed: ServiceStop cmdService (service not found) Failed: ServiceDisable Network Monitor (service not found) Failed: ServiceDisable cmdService (service not found) Failed: ServiceDelete Network Monitor (service not found) Failed: ServiceDelete cmdService (service not found) Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa\|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE\|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE\|winlog (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\|LowRiskFileTypes (key not found) Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\|WinUpdate.exe (key not found) Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run\|{84c4d3ae-0bb0-1033-0729-050001} (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\|CU1 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\|CU2 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\|services32 (key not found) Option pause between commands: 300 ms Option pause between commands: 50 ms Failed: FolderDelete C:\Program Files\MsConfigs (folder not found) Failed: FolderDelete C:\Program Files\winupdates (folder not found) Failed: FolderDelete C:\Program Files\winupdate (folder not found) Failed: FolderDelete C:\Program Files\winsupdater (folder not found) Failed: FolderDelete C:\Program Files\MsUpdate (folder not found) Failed: FolderDelete C:\Program Files\MsMovies (folder not found) Failed: FolderDelete C:\Program Files\wmplayer (folder not found) Failed: FolderDelete C:\Program Files\outlook (folder not found) Failed: FileDelete C:\Program Files\Common Files\Windows\mc--.exe (operation failed) Failed: FileDelete C:\Program Files\Common Files\Download\mc--.exe (operation failed) Failed: FileDelete C:\Program Files\common files\{--1033--}\update.exe (operation failed) Failed: FileDelete C:\Program Files\common files\{--1033--}\services.dll (operation failed) Failed: FileDelete C:\Program Files\common files\{--1033--}\activate.exe (operation failed) Failed: FileDelete C:\Program Files\common files\{--1033--}\MyToolBar.dll (operation failed) Failed: FileDelete C:\Program Files\common files\{--2057--}\update.exe (operation failed) Failed: FileDelete C:\Program Files\common files\{--2057--}\services.dll (operation failed) Failed: FileDelete C:\Program Files\common files\{--2057--}\activate.exe (operation failed) Failed: FileDelete C:\Program Files\common files\{--2057--}\MyToolBar.dll (operation failed) Failed: FolderDelete C:\Program Files\toolbar888 (folder not found) Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found) Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found) Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found) Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found) Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found) Failed: FolderDelete C:\Program Files\slownik ling (folder not found) Failed: FolderDelete C:\Program Files\MediaPipe (folder not found) Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found) Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\Cookies (operation failed) Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\History (operation failed) Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\hsperfdata_Nick (operation failed) Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\Perflib_Perfdata_988.dat (operation failed) Failed: FolderDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\Temporary Internet Files (operation failed) Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DF8204.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFDF4D.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFDF52.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFF476.tmp (operation failed) Failed: FileDelete C:\DOCUME~1\Nick\LOCALS~1\Temp\~DFF47C.tmp (operation failed) Failed: FolderDelete C:\Program Files\Maxifiles (folder not found) Failed: FolderDelete C:\Program Files\DNS (folder not found) Failed: FolderDelete C:\Program Files\EQAdvice (folder not found) Failed: FolderDelete C:\Program Files\FCAdvice (folder not found) Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found) Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found) Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found) Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found) Failed: FolderDelete C:\Program Files\InetGet2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found) Failed: FolderDelete C:\Program Files\Network Monitor (folder not found) Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found) Failed: FolderDelete C:\Program Files\Update06 (folder not found) Failed: FolderDelete C:\Program Files\Update03 (folder not found) Failed: FolderDelete C:\Program Files\Update04 (folder not found) Failed: FolderDelete C:\Program Files\Update08 (folder not found) Failed: FolderDelete C:\Program Files\W-Update (folder not found) Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found) Failed: FolderDelete C:\Program Files\Cas (folder not found) Failed: FolderDelete C:\Program Files\CasStub (folder not found) Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found) Failed: FolderDelete C:\Program Files\ipwins (folder not found) Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found) Failed: FolderDelete C:\temp (folder not found) Failed: FolderDelete C:\WINDOWS\mdrive (folder not found) Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found) Failed: FolderDelete C:\Program Files\PECarlin (folder not found) Failed: FolderDelete C:\Program Files\AXVenore (folder not found) Failed: FolderDelete C:\Program Files\SDVita (folder not found) Failed: FolderDelete C:\Program Files\EQBranch (folder not found) Failed: FolderDelete C:\Program Files\EQArticle (folder not found) Failed: FolderDelete C:\Program Files\PSHope (folder not found) Failed: FolderDelete C:\Program Files\Batty (folder not found) Failed: FolderDelete C:\Program Files\Batty2 (folder not found) Failed: FolderDelete C:\Program Files\AXFibula (folder not found) Failed: FolderDelete C:\Program Files\CMFibula (folder not found) Failed: FolderDelete C:\Program Files\PSLister (folder not found) Failed: FolderDelete C:\Program Files\PSCloner (folder not found) Failed: FolderDelete C:\Program Files\PSDream (folder not found) Failed: FolderDelete C:\Program Files\cmapp (folder not found) Failed: FolderDelete C:\Program Files\cmman (folder not found) Failed: FolderDelete C:\Program Files\cmsystem (folder not found) Failed: FolderDelete C:\Program Files\fcengine (folder not found) Failed: FolderDelete C:\Program Files\wincmapp (folder not found) Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found) Failed: FolderDelete C:\Program Files\popupwithcast (folder not found) Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found) Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found) Failed: FileMove C:\WINDOWS\win-.exe\|C:\bintheredunthat (source file not found) Script completed.

11-01-2006, 10:50 PM	#7 (permalink)
Clownage Registered User Join Date: Oct 2006 Posts: 6 OS: XP	I removed the mentioned files. Booted into safe mode ands till couldn't get into regedit or cmd. so none of the other programs worked. I booted back to normal windows and Regedit now worked O.o. So i ran Enable_command_prompt Found in the SDfix folder. Heres My progress now: Nick - 06-11-02 0:46:43.33 Service Pack 2 ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Nick\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-10-02 to 2006-11-02 )))))))))))))))))))))))))))))))))) 2006-10-28 01:33 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2006-10-28 01:33 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2006-10-22 18:18 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2006-10-15 22:34 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll 2006-10-15 22:34 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL 2006-10-15 22:34 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL 2006-10-15 22:34 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL 2006-10-15 22:34 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL 2006-10-15 22:34 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe 2006-10-15 22:34 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL 2006-10-15 22:34 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL 2006-10-15 22:34 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll 2006-10-15 22:34 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll 2006-10-15 22:34 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL 2006-10-15 22:34 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL 2006-10-15 22:34 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll 2006-10-15 22:34 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll 2006-10-15 22:34 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys 2006-10-15 22:34 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll 2006-10-15 22:34 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll 2006-10-15 22:34 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll 2006-10-15 22:34 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys 2006-10-15 22:34 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll 2006-10-15 22:34 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys 2006-10-13 00:21 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2006-10-10 19:40 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys 2006-10-10 19:40 190 --a------ C:\WINDOWS\system32\del32.bat 2006-10-10 19:40 163,328 --a------ C:\WINDOWS\system32\wsock32.sys 2006-10-02 19:01 36,864 --------- C:\WINDOWS\system32\wbsys.dll 2006-10-02 19:01 20,480 --a------ C:\WINDOWS\system32\wbload.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-02 00:36 -------- d-------- C:\Program Files\Mozilla Firefox 2006-11-01 18:41 -------- d-------- C:\Program Files\WhatPulse 2006-10-31 10:14 -------- d-------- C:\Documents and Settings\Nick\Application Data\uTorrent 2006-10-28 01:34 -------- d-------- C:\Program Files\Game Cam v1.4 2006-10-22 18:18 -------- d-------- C:\Program Files\EA GAMES 2006-10-20 22:07 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-20 22:07 -------- d-------- C:\Program Files\Electronic Arts 2006-10-20 19:41 -------- d-------- C:\Program Files\Steam 2006-10-19 11:27 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 1 2006-10-19 11:24 -------- d-------- C:\Program Files\Apple Software Update 2006-10-17 13:33 -------- d---s---- C:\Documents and Settings\Nick\Application Data\Microsoft 2006-10-15 22:34 -------- d-------- C:\Program Files\Logitech 2006-10-15 22:34 -------- d-------- C:\Program Files\Common Files\Logitech 2006-10-15 22:34 -------- d-------- C:\Program Files\Common Files 2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft Works 2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft Office 2006-10-13 00:20 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-10-13 00:20 -------- d-------- C:\Program Files\Common Files\System 2006-10-13 00:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-10-13 00:20 -------- d-------- C:\Program Files\Common Files\DESIGNER 2006-10-04 13:51 -------- d-------- C:\Program Files\iTunes 2006-10-04 13:51 -------- d-------- C:\Program Files\iPod 2006-10-04 13:50 -------- d-------- C:\Program Files\QuickTime 2006-10-02 19:01 -------- d-------- C:\Program Files\Stardock 2006-09-28 12:21 -------- d-------- C:\Program Files\Super DVD Ripper 2006-09-28 12:11 4 --a------ C:\WINDOWS\system32\micr0st.dll 2006-09-28 12:09 -------- d-------- C:\Program Files\Flash DVD Ripper 2006-09-28 01:13 -------- d-------- C:\Program Files\DAEMON Tools 2006-09-28 01:10 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2006-09-27 15:05 -------- d-------- C:\Program Files\America's Army Server Manager 2006-09-27 15:05 -------- d-------- C:\Program Files\America's Army 2006-09-26 12:37 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2006-09-26 12:35 -------- d-------- C:\Program Files\ASUS 2006-09-24 01:36 -------- d-------- C:\Program Files\Triad Interactive 2006-09-24 01:36 -------- d-------- C:\Program Files\SimNet 2003 Seneca 2006-09-22 17:43 -------- d-------- C:\Program Files\Sierra 2006-09-21 17:42 -------- dr-h----- C:\Documents and Settings\Nick\Application Data\SecuROM 2006-09-20 02:40 -------- d-------- C:\Program Files\Winamp 2006-09-19 23:23 -------- d-------- C:\Program Files\Windows Media Player 2006-09-18 17:20 -------- d-------- C:\Documents and Settings\Nick\Application Data\Apple Computer 2006-09-13 01:45 -------- d-------- C:\Program Files\1964 2006-09-13 01:40 -------- d-------- C:\Program Files\Project64 1.6 2006-09-12 16:40 -------- d-------- C:\Program Files\Codemasters 2006-09-09 17:45 -------- d-------- C:\Program Files\Zone.com Deluxe Games 2006-09-08 01:46 -------- d-------- C:\Program Files\Warcraft III 2006-09-05 23:25 -------- d-------- C:\Program Files\CCleaner 2006-09-05 11:50 -------- d-------- C:\Program Files\MSN Messenger 2006-08-14 18:45 2829 --a------ C:\WINDOWS\War3Unin.pif 2006-08-14 18:45 139264 --a------ C:\WINDOWS\War3Unin.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) SDFix: Version 1.34 ------------------- Scan run on: Thu 11/02/2006 Time: 12:53 AM Microsoft Windows XP [Version 5.1.2600] Running from: C:\Documents and Settings\Nick\Desktop\SDFix Stage One... Checking Services... Name: ----- Path: ---- Repairing Registry... Restoring Default Hosts File... Stage One Complete Rebooting... Stage Two... Checking For Malware: -------------------- C:\WINDOWS\system32\ckl009.dat C:\WINDOWS\system32\wsock32.sys Backing Up and Removing any Files Found... Final Check: Services: --------- Files: ------ Any files removed are saved to the SDFix\backups Folder FINISHED Logfile of HijackThis v1.99.1 Scan saved at 12:58:49 AM, on 11/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WhatPulse\WhatPulse.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Nick\Desktop\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Last edited by Clownage; 11-01-2006 at 10:59 PM.

11-02-2006, 12:12 AM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,543 OS: 2000 Pro; XP Pro; XP Home	Good job, Clownage. Now, you say you're proficient, and your last actions prove that out to me...but you're running an unprotected system...No Anti-Virus or Firewall (other than XPs, which does not alert you to outbond traffic). Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer. Please download and install this excellent and FREE anti-virus program: Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop. Please remember to register for your Activation Code using a legitimate email address. Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process: Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds. When done, launch Active Virus Shield's main window. Click the Scan button on the left, and then click Detected. In the ensuing window, click the Save As button to save a copy of the log. Copy and paste that log in your next reply. Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable. I'd like you to perform this thorough cleaning now that we've gotten the obvious problems out of the way.... Download AVG Anti-Spyware Install AVG Anti-Spyware Double-click the icon on Desktop to launch AVG Anti-Spyware You will need to update AVG Anti-Spyware to the latest definition files. On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly. --------------------------------------------------------------------------------------------- Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). Restart in normal mode. --------------------------------------------------------------------------------------------- Establish an internet connection & perform an online scan using Internet Explorer at Free Online Virus Scanner and File Scanner - Kaspersky Lab Antivirus Software Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------------------------------------- Please return with results from: Active Virus Scan AVG Anti-Spyware Kaspersky A Fresh HJT log How is your system behaving now, please? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-02-2006, 07:46 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,543 OS: 2000 Pro; XP Pro; XP Home	I'd like to get one online scan in, but your system appears to be in good shape from my perspective. How is it behaving now? If possible, run this online scan: Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan Paste the Panda Scan report here. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

11-02-2006, 11:33 PM	#11 (permalink)
Clownage Registered User Join Date: Oct 2006 Posts: 6 OS: XP	It's still a bit sloppy but that could just be the extra stuff on my comp running. Definite improvement though. Incident Status Location Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.burstnet.com/] Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.xiti.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.advertising.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.2o7.net/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.toplist.cz/] Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.adopt.hbmediapro.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.zedo.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.go.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.zedo.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.overture.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.statcounter.com/] Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.revenue.net/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[adserver.filefront.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\4ls87v2b.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix\apps\Process.exe Possible Virus. Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix\apps\swsc.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix.zip[SDFix/apps/Process.exe] Possible Virus. Not disinfected C:\Documents and Settings\Nick\Desktop\SDFix.zip[SDFix/apps/swsc.exe]

11-03-2006, 07:50 AM	#12 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,543 OS: 2000 Pro; XP Pro; XP Home	Nothing but cookies and files placed on the system by tools we used. Base issues seems resolved. Clear your Firefox cookies. From the open browser, go toTools>Options>Privacy>Cookies>Clear Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies. Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address. AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Download IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009