Tech Support Forum banner
Cancel

[SOLVED] Warning! Spyware detected on computer! HELP

Jump to Latest Follow
Status
Not open for further replies.
1 - 13 of 13 Posts
S

· Registered
Joined
·
8 Posts
Discussion Starter · #1 ·
Hi,

I have a blue screen with the following writing:
" Warning! Spyware detected on your computer! Install spyware remover or antivirus to clean your computer"

I went through all the 5 steps described in the forum.

I downloaded the Deckard's system scanner (DSS)

Can someone please assist me in removing it from my laptop?

Deckard's System Scanner v20071014.68
Run by Sowmya on 2008-06-22 05:48:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-22 12:48:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sowmya.exe) ----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-22 05:54:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Sowmya\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [lphcea4j0etca] C:\WINDOWS\system32\lphcea4j0etca.exe
O4 - HKLM\..\Run: [SMshc9a4j0etca] C:\Program Files\shc9a4j0etca\shc9a4j0etca.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.23/uploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160247645984
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


--
End of file - 15377 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 IO - g:\smap\tools32\io.sys (file missing)
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-22 16:03:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-09-04 13:36:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-22 05:21:49 0 d-------- C:\ie-spyad_zo
2008-06-22 05:13:56 0 d-------- C:\Program Files\SpywareBlaster
2008-06-22 00:41:51 0 d-------- C:\WINDOWS\LastGood
2008-06-22 00:41:13 0 d-------- C:\Program Files\Panda Security
2008-06-21 23:44:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 22:50:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-21 22:48:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-21 22:48:27 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-21 22:26:12 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-06-21 22:14:34 0 d-------- C:\Documents and Settings\Sowmya\Application Data\shc9a4j0etca
2008-06-21 22:12:33 60928 --a------ C:\WINDOWS\system32\blphcea4j0etca.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-21 22:12:02 109056 --a------ C:\WINDOWS\system32\lphcea4j0etca.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-22 05:52:55 0 d-------- C:\Program Files\Trend Micro
2008-06-22 01:10:08 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-22 00:34:19 0 d-------- C:\Program Files\Common Files
2008-06-21 23:42:21 0 d-------- C:\Documents and Settings\Sowmya\Application Data\Lavasoft
2008-06-12 21:40:41 0 d-------- C:\Documents and Settings\Sowmya\Application Data\dvdcss
2008-06-08 23:11:35 0 d-------- C:\Documents and Settings\Sowmya\Application Data\Move Networks
2008-05-29 22:25:58 1891 --a------ C:\WINDOWS\mozver.dat
2008-05-27 19:26:35 0 d-------- C:\Documents and Settings\Sowmya\Application Data\AdobeUM
2008-04-23 21:55:03 0 d-------- C:\Documents and Settings\Sowmya\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
10/14/2005 10:21 AM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [08/05/2005 10:57 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [08/05/2005 10:56 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [08/05/2005 10:56 AM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/17/2004 08:47 PM]
"RTHDCPL"="RTHDCPL.EXE" [08/09/2005 03:17 PM C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\ALCMTR.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [06/11/2005 07:51 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [08/26/2005 07:14 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [10/19/2005 11:07 PM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 03:12 PM]
"@"="" []
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [12/01/2005 02:20 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 09:08 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 06:21 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 04:27 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/04/2006 09:42 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [09/27/2005 06:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"lphcea4j0etca"="C:\WINDOWS\system32\lphcea4j0etca.exe" [06/21/2008 10:12 PM]
"SMshc9a4j0etca"="C:\Program Files\shc9a4j0etca\shc9a4j0etca.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/26/2007 10:44 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/11/2007 06:16 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 02:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [10/15/2004 2:26:54 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 05/20/2005 06:42 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sowmya^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\Sowmya\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238cee26-fbb8-11da-b78b-806d6172696f}]
AutoRun\command- I:\sony\Autorun.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-22 05:55:31 ------------
 

Attachments

G

· Premium Member
Joined
·
14,317 Posts
#2 ·
Re: Warning! Spyware detected on computer! HELP

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lphcea4j0etca] C:\WINDOWS\system32\lphcea4j0etca.exe
O4 - HKLM\..\Run: [SMshc9a4j0etca] C:\Program Files\shc9a4j0etca\shc9a4j0etca.exe

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\lphcea4j0etca.exe
C:\Program Files\shc9a4j0etca\
C:\WINDOWS\system32\blphcea4j0etca.scr

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
 
Save Share
S

· Registered
Joined
·
8 Posts
Discussion Starter · #3 ·
Re: Warning! Spyware detected on computer! HELP

Hi Greyknight17,

Thanks a lot for your help. That was quick!!

I ran the combo fix, and here is the log.txt

I also have a antivirus XP 2008 registered on my laptop, and I am not sure if it is genuine or not!!

-------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------

ComboFix 08-06-20.4 - Sowmya 2008-06-22 13:25:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.388 [GMT -7:00]
Running from: C:\Documents and Settings\Sowmya\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sowmya\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Sowmya\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
.
---- Previous Run -------
.
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 12:34 . 2008-06-22 12:34 <DIR> d-------- C:\Documents and Settings\Sowmya\Application Data\rhcaa4j0etca
2008-06-22 12:34 . 2008-06-22 13:15 94,208 --a------ C:\WINDOWS\system32\pphcea4j0etca.exe
2008-06-22 12:33 . 2008-06-22 12:34 <DIR> d-------- C:\Program Files\rhcaa4j0etca
2008-06-22 05:48 . 2008-06-22 05:48 <DIR> d-------- C:\Deckard
2008-06-22 05:21 . 2008-06-22 05:21 <DIR> d-------- C:\ie-spyad_zo
2008-06-22 05:13 . 2008-06-22 05:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-22 04:57 . 2008-06-22 04:47 60,928 --a------ C:\WINDOWS\system32\D6.tmp
2008-06-22 04:27 . 2008-06-22 04:17 60,928 --a------ C:\WINDOWS\system32\CE.tmp
2008-06-22 02:41 . 2008-06-22 02:31 60,928 --a------ C:\WINDOWS\system32\B8.tmp
2008-06-22 02:21 . 2008-06-22 02:11 60,928 --a------ C:\WINDOWS\system32\B3.tmp
2008-06-22 00:41 . 2008-06-22 00:42 <DIR> d-------- C:\Program Files\Panda Security
2008-06-21 23:44 . 2008-06-21 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 22:14 . 2008-06-21 22:14 <DIR> d-------- C:\Documents and Settings\Sowmya\Application Data\shc9a4j0etca
2008-06-21 22:12 . 2008-06-22 12:33 90,838 --a------ C:\WINDOWS\system32\phcea4j0etca.bmp
2008-06-21 21:46 . 2008-06-22 13:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-21 21:46 . 2008-06-21 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 18:56 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:56 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 20:36 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-22 20:23 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-22 12:52 --------- d-----w C:\Program Files\Trend Micro
2008-06-22 12:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 06:42 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\Lavasoft
2008-06-13 04:40 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\dvdcss
2008-06-09 06:11 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\Move Networks
2008-05-28 02:26 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 22:44 68856]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-06-11 18:16 4670968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 14:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 19:14 36975]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 02:20 69632]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08 28672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 06:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 16:27 85696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-04 21:42 180269]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 06:59 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"SMrhcaa4j0etca"="C:\Program Files\rhcaa4j0etca\rhcaa4j0etca.exe" [2008-06-21 11:22 1642496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sowmya^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\Sowmya\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 14:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 16:34 5354792 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-29 13:36 25370152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-26 22:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 14:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2005-10-11 22:36 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26359:TCP"= 26359:TCP:BitComet 26359 TCP
"26359:UDP"= 26359:UDP:BitComet 26359 UDP

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-11-30 15:12]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 IO;IO;G:\smap\tools32\IO.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238cee26-fbb8-11da-b78b-806d6172696f}]
\shell\AutoRun\command - I:\sony\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 23:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 13:26:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 13:27:56
ComboFix-quarantined-files.txt 2008-06-22 20:27:48

Pre-Run: 36,520,038,400 bytes free
Post-Run: 36,516,360,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

183 --- E O F --- 2008-06-21 05:23:59
 
G

· Premium Member
Joined
·
14,317 Posts
#4 ·
Re: Warning! Spyware detected on computer! HELP

Get rid of Antivirus XP 2008. It's not a good program to have.

Download Malwarebytes ' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
File::
C:\WINDOWS\system32\pphcea4j0etca.exe
C:\WINDOWS\system32\D6.tmp
C:\WINDOWS\system32\CE.tmp
C:\WINDOWS\system32\B8.tmp
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\phcea4j0etca.bmp
Folder::
C:\Documents and Settings\Sowmya\Application Data\shc9a4j0etca
C:\Program Files\rhcaa4j0etca\
C:\Documents and Settings\Sowmya\Application Data\rhcaa4j0etca
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhcaa4j0etca"=-
Click to expand...
Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
 
Save Share
S

· Registered
Joined
·
8 Posts
Discussion Starter · #5 ·
Re: Warning! Spyware detected on computer! HELP

So I performed MBAM scan and combofix.

Here are the logs!!

The installation files for Antivirus are still there!!

MBAM log

----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.18
Database version: 881

8:17:15 PM 6/22/2008
mbam-log-6-22-2008 (20-17-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 107047
Time elapsed: 35 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------
Combofix log

ComboFix 08-06-20.4 - Sowmya 2008-06-22 20:29:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.398 [GMT -7:00]
Running from: C:\Documents and Settings\Sowmya\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sowmya\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\B8.tmp
C:\WINDOWS\system32\CE.tmp
C:\WINDOWS\system32\D6.tmp
C:\WINDOWS\system32\phcea4j0etca.bmp
C:\WINDOWS\system32\pphcea4j0etca.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sowmya\Application Data\rhcaa4j0etca
C:\Documents and Settings\Sowmya\Application Data\shc9a4j0etca
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\B8.tmp
C:\WINDOWS\system32\CE.tmp
C:\WINDOWS\system32\D6.tmp
C:\WINDOWS\system32\phcea4j0etca.bmp
C:\WINDOWS\system32\pphcea4j0etca.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-22 19:40 . 2008-06-22 19:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 19:40 . 2008-06-22 19:40 <DIR> d-------- C:\Documents and Settings\Sowmya\Application Data\Malwarebytes
2008-06-22 19:40 . 2008-06-22 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 19:40 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-22 19:40 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 13:47 . 2008-06-22 13:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 05:48 . 2008-06-22 05:48 <DIR> d-------- C:\Deckard
2008-06-22 05:21 . 2008-06-22 05:21 <DIR> d-------- C:\ie-spyad_zo
2008-06-22 05:13 . 2008-06-22 05:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-22 00:41 . 2008-06-22 00:42 <DIR> d-------- C:\Program Files\Panda Security
2008-06-21 23:44 . 2008-06-21 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 21:46 . 2008-06-22 19:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-21 21:46 . 2008-06-21 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 18:56 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:56 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 20:36 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-23 02:22 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-22 12:52 --------- d-----w C:\Program Files\Trend Micro
2008-06-22 12:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 06:42 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\Lavasoft
2008-06-13 04:40 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\dvdcss
2008-06-09 06:11 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\Move Networks
2008-05-28 02:26 --------- d-----w C:\Documents and Settings\Sowmya\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( [email protected]_13.27.38.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 20:14:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 02:21:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 22:44 68856]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-06-11 18:16 4670968]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 14:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 19:14 36975]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 02:20 69632]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08 28672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 06:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 16:27 85696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-04 21:42 180269]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 06:59 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sowmya^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\Sowmya\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 14:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 16:34 5354792 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-29 13:36 25370152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-26 22:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 14:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2005-10-11 22:36 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26359:TCP"= 26359:TCP:BitComet 26359 TCP
"26359:UDP"= 26359:UDP:BitComet 26359 UDP

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-11-30 15:12]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
S3 IO;IO;G:\smap\tools32\IO.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238cee26-fbb8-11da-b78b-806d6172696f}]
\shell\AutoRun\command - I:\sony\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 23:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 20:31:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 20:33:06
ComboFix-quarantined-files.txt 2008-06-23 03:32:54
ComboFix2.txt 2008-06-22 20:27:56

Pre-Run: 36,600,025,088 bytes free
Post-Run: 36,587,311,104 bytes free

178 --- E O F --- 2008-06-21 05:23:59
 
S

· Registered
Joined
·
8 Posts
Discussion Starter · #6 ·
Re: Warning! Spyware detected on computer! HELP

Hi GreyKnight17,

I still see the blue screen, but there is no warning on the desktop. I can still see the software files on registry editor:
rhcaa4j0etca

I can also see the installer for antivirus xp 2008 on my quick launch.

Thanks for all the help!!
 
G

· Premium Member
Joined
·
14,317 Posts
#7 ·
Re: Warning! Spyware detected on computer! HELP

Delete that entry from the registry editor. Can you delete that file/shortcut for antivirus xp also?
 
Save Share
S

· Registered
Joined
·
8 Posts
Discussion Starter · #8 ·
Re: Warning! Spyware detected on computer! HELP

Hi,

I deleted that file from shortcut and also from registry editor.
I have something called S3R521 in the registry editor. I am not sure if its a bad file.
and also how do I get back my desktop screen, and do you think there are any more virus in my laptop?

Thanks
 
S

· Registered
Joined
·
8 Posts
Discussion Starter · #9 ·
Re: Warning! Spyware detected on computer! HELP

Hi,

When you have time, can you please answer my question about the desktop settings and the file in the above reply?
Am I good to go now?

Thanks a lot!!!
 
G

· Premium Member
Joined
·
14,317 Posts
#10 ·
Re: Warning! Spyware detected on computer! HELP

I wouldn't suggest fiddling around with any of the other entries in the registry. Does that S3R521 key have any software name inside that may indicate where it came from?

Can you change the background yourself?

As far as the scans are concerned, they look clean. If you still have problems, you may run the following virus scan as another check:

Make sure you turn off any antivirus programs you have running while performing the online scan below. Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended

Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.
 
Save Share
S

· Registered
Joined
·
8 Posts
Discussion Starter · #11 ·
Re: Warning! Spyware detected on computer! HELP

S3R521 has this key inside it.
R6BXJB2B3A2HZCYV4646

I can change my background settings. I dont have any problems as of now.

Here is the kaspersky online scan:
" I have unistalled morpheus a long time back"

-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, June 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 26, 2008 02:52:32
Records in database: 884692
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 82766
Threat name: 3
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:51:24


File name / Threat name / Threats count
C:\Documents and Settings\Sowmya\Application Data\Sun\Java\Deployment\cache\6.0\23\d372ed7-4395d9e0 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Sowmya\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-607f3c56 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Sowmya\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-4a8651d3 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Sowmya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-534834c9.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Sowmya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-574336d2.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Sowmya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-3bc0a910.zip Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

The selected area was scanned.
 
G

· Premium Member
Joined
·
14,317 Posts
#12 ·
Re: Warning! Spyware detected on computer! HELP

That S3R521 key seems to be related to DivX.

Delete this folder:

C:\Program Files\Morpheus\

Go to http://www.java.com/en/download/help/5000020300.xml and see how to clear your Java cache or follow the instructions below:

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files window (Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.)
- Click OK to leave the Java Control Panel.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste combofix /u and hit OK to remove it. You should be set to go.
 
Save Share
S

· Registered
Joined
·
8 Posts
Discussion Starter · #13 ·
Re: Warning! Spyware detected on computer! HELP

I did all the above!!
No problems that I can notice. Thanks a lot for your help! Everything is back to normal :)
 
1 - 13 of 13 Posts
Status
Not open for further replies.
About this Discussion
12 Replies
2 Participants
Last post:
sgold
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top