Discussion Starter · #1 ·
Hi

I am receiving a security warning that my computer is infected with the Trojan.zlob-x.a virus. I have followed the 5 steps before posting. Please help. My searching is also affected, as it redirects to a porn site.

Thanks in advance for your help.
Ellie

Deckard's System Scanner v20071014.68
Run by COOKIE on 2007-12-05 18:58:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-12-05 23:58:45 UTC - RP419 - Deckard's System Scanner Restore Point
1: 2007-12-05 19:37:10 UTC - RP418 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as COOKIE.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:40 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\COOKIE\Desktop\dss.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COOKIE.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Video DivX 3.12 - {16096942-15C5-4629-BD81-00A46B2408CA} - C:\WINDOWS\system32\sysdivx.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] "C:\Program Files\SpyNoMore\SNM.exe" /startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?a10215f3babd468b890f510fa4c45494
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?a10215f3babd468b890f510fa4c45494
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156815124921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13320 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TfFsMon - c:\windows\system32\drivers\tffsmon.sys (file missing)
R0 TfSysMon - c:\windows\system32\drivers\tfsysmon.sys (file missing)
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TfNetMon - c:\windows\system32\drivers\tfnetmon.sys (file missing)

S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-05 18:34:42 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D222FB3C-806B-43D4-9E1B-88C994FC0E2B}.job
2007-12-05 18:26:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-12-05 18:20:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-05 10:19:08 1626 --a------ C:\WINDOWS\Tasks\wrSpySweeper_L21686DA3EC724F25AE7EF3F5CDB201FC.job
2007-12-01 01:00:30 354 --ah----- C:\WINDOWS\Tasks\McQcTask.job
2007-06-15 00:36:12 266 --ah----- C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-11-05 and 2007-12-05 -----------------------------

2007-12-05 17:30:31 0 d-------- C:\ie-spyad_zo
2007-12-05 17:20:33 0 d-------- C:\Program Files\SpywareBlaster
2007-12-05 15:12:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-05 15:12:10 0 d-------- C:\WINDOWS\LastGood
2007-12-05 13:49:53 0 d-------- C:\Program Files\ThreatFire
2007-12-05 13:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-05 12:27:50 0 d-------- C:\Program Files\Trend Micro
2007-12-05 08:18:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-05 08:18:03 0 d-------- C:\Program Files\Webroot
2007-12-05 08:18:03 0 d-------- C:\Documents and Settings\COOKIE\Application Data\Webroot
2007-12-05 08:18:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-05 07:58:20 1152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-05 07:57:49 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-04 07:51:30 0 d-------- C:\Program Files\IE Defender
2007-12-04 07:50:30 219648 --a------ C:\WINDOWS\system32\sysdivx.dll <Not Verified; 3gp.org; >
2007-12-01 11:21:27 0 d-------- C:\Documents and Settings\COOKIE\Application Data\Apple Computer
2007-12-01 11:21:02 0 d-------- C:\Program Files\iPod
2007-12-01 11:20:57 0 d-------- C:\Program Files\iTunes
2007-12-01 11:19:45 0 d-------- C:\Program Files\QuickTime
2007-12-01 11:19:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-01 11:19:22 0 d-------- C:\Program Files\Apple Software Update
2007-12-01 11:18:37 0 d-------- C:\Program Files\Common Files\Apple
2007-12-01 11:18:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-21 11:01:31 0 d-------- C:\Documents and Settings\COOKIE\Application Data\Yahoo!
2007-11-21 11:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-21 11:00:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-21 10:59:03 0 d-------- C:\Program Files\Yahoo!
2007-11-10 18:37:01 675579 --a------ C:\WINDOWS\PROGRAM.exe
2007-11-10 18:36:49 363980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2007-11-07 20:22:38 0 d-------- C:\WINDOWS\system32\UpMedia


-- Find3M Report ---------------------------------------------------------------

2007-12-05 16:43:35 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-05 16:37:22 0 d-------- C:\Program Files\MSN Messenger
2007-12-05 16:33:43 0 d-------- C:\Program Files\Messenger
2007-12-05 16:21:17 0 d-------- C:\Program Files\Google
2007-12-05 16:20:30 0 d-------- C:\Program Files\Digital Line Detect
2007-12-05 16:20:30 0 d-------- C:\Program Files\DellSupport
2007-12-05 16:15:13 0 d-------- C:\Program Files\BAE
2007-12-05 08:02:27 0 d-------- C:\Program Files\McAfee
2007-12-05 07:57:49 0 d-------- C:\Program Files\Common Files
2007-12-04 20:02:53 0 d-------- C:\Program Files\Ricochet Infinity
2007-12-04 09:05:50 0 d-------- C:\Program Files\Star Defender 3
2007-12-04 09:05:43 0 d-------- C:\Program Files\GameHouse
2007-12-04 09:04:59 0 d-------- C:\Program Files\Emerald Tale
2007-12-04 09:04:27 0 d-------- C:\Program Files\Bubble Shooter Premium Edition
2007-12-04 09:04:11 0 d-------- C:\Program Files\Gamenext
2007-12-01 11:09:37 0 d-------- C:\Documents and Settings\COOKIE\Application Data\LimeWire
2007-11-14 21:30:18 0 d-------- C:\Documents and Settings\COOKIE\Application Data\SiteAdvisor
2007-11-07 19:49:25 3072 --a------ C:\Documents and Settings\COOKIE\Application Data\dvd.bmk
2007-10-05 18:11:59 0 d-------- C:\Program Files\Java
2007-09-18 15:48:06 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-18 15:48:06 56 -r-hs---- C:\WINDOWS\system32\6E321AAE5E.sys
2007-09-17 12:15:45 217088 --a------ C:\WINDOWS\system32\HCPSTool.dll <Not Verified; HexaLock Ltd.; HCPS>
2007-09-17 12:15:45 49152 --a------ C:\WINDOWS\system32\HCPSST.dll <Not Verified; HexaLock Ltd.; HCPS>
2007-09-17 12:15:45 524288 --a------ C:\WINDOWS\system32\HCPSMng.exe <Not Verified; HexaLock Ltd.; HCPS>
2007-09-17 12:15:45 73728 --a------ C:\WINDOWS\system32\HCPS98Tool.dll <Not Verified; HexaLock Ltd.; HCPS>
2007-09-11 18:35:10 202826 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16096942-15C5-4629-BD81-00A46B2408CA}]
12/04/2007 07:50 AM 219648 --a------ C:\WINDOWS\system32\sysdivx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 05:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 03:20 PM C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 08:05 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"@"="" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 04:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/13/2006 09:04 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 12:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 12:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 12:50 PM]
"Device Detector"="DevDetect.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [11/03/2006 05:11 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 05:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/19/2007 10:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 09:35 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\COOKIE\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [8/4/2007 1:07:19 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/13/2006 8:52:23 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 6:28:24 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/5/2007 6:27:35 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [6/20/2006 7:10:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

*Newly Created Service* - MCHINJDRV
*Newly Created Service* - TFFSMON
*Newly Created Service* - TFNETMON
*Newly Created Service* - TFSYSMON



-- End of Deckard's System Scanner: finished at 2007-12-05 19:02:52 ------------
Security Manager, Analyst, Rangemaster, TSF Acade
Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Combofix
Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

CAUTION! Combofix should not be run without supervision - we cannot be held responsible if you end up re-installing Windows!

1. Close any open browsers and physically disconnect from the Internet.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
See here for a guide to disabling AV, Firewall and Anti-malware programmes.

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.

NOTE: ComboFix should not take more than 20 minutes to run - this includes the reboot if malware is found. If it does:
  • Open Task Manager (Ctrl+Alt+Del) and go to the Processes Tab
  • End any processes called indstr, find, sed or swreg
  • ComboFix should now continue.
Please advise me if you had to end any Processes in this way, and let me know the Process Names.

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.
Discussion Starter · #3 ·
Hi Iain

Thanks for responding.
I followed your instructions to a T (or so I thought at the time). However, I got to the restart of my puta and when it was running through its thing, finding files and stuff, the "Spy Sweeper" program loaded and everything stopped. The ComboFix never came back. I think I am going to uninstall Spy Sweeper because it's not up to date, so it's not really serving much purpose. Should I do that and then run ComboFix again? I wanted to check with you before doing this:

"Open Task Manager (Ctrl+Alt+Del) and go to the Processes Tab
End any processes called indstr, find, sed or swreg
ComboFix should now continue."

because I am not sure what to do.
Thanks in advance

Ellie
Discussion Starter · #5 ·
Hey Iain,

I did find a combofix.txt file, but all it contains is a message that confirms a restore point. I have attached it. When I restarted my computer today the ComboFix application comes up and runs... it finds files, I try to read what it says to write it down to tell you, but it goes quickly. It does say stuff to the effect of "greb found but not recognized" and I think it stops because the McAfee icon comes up even though I have disabled the programs. What do I do next? I'm sorry to be such a pain in the butt.

Thanks in advance
Ellie
Discussion Starter · #7 ·
Hi Iain

Hopefully this is it, if not I am so doomed. The following is the log from ComboFix:

ComboFix 07-12-09.1 - COOKIE 2007-12-12 19:58:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.534 [GMT -5:00]
Running from: C:\Documents and Settings\COOKIE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\IE Defender
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\SearchTool.dll
C:\WINDOWS\system32\UpMedia\uninstallSE.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-11 19:42 . 2007-12-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-12-11 19:19 . 2007-12-11 19:19 <DIR> d-------- C:\Documents and Settings\COOKIE\Application Data\McAfee
2007-12-09 09:38 . 2007-12-09 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2007-12-09 09:34 . 2007-12-09 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-09 09:33 . 2007-12-09 09:34 <DIR> d-------- C:\Program Files\Dell Support Center
2007-12-09 09:33 . 2007-12-09 09:33 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-12-05 18:58 . 2007-12-05 18:58 <DIR> d-------- C:\Deckard
2007-12-05 17:30 . 2007-12-05 17:30 <DIR> d-------- C:\ie-spyad_zo
2007-12-05 17:20 . 2007-12-07 19:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-05 17:20 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-05 17:05 . 2007-12-05 17:05 0 --a------ C:\WINDOWS\system32\908.tmp
2007-12-05 15:12 . 2007-12-05 17:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-05 15:12 . 2007-12-05 15:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-05 15:12 . 2007-12-05 15:26 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-05 15:12 . 2007-12-05 15:26 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-05 13:49 . 2007-12-06 05:48 <DIR> d-------- C:\Program Files\ThreatFire
2007-12-05 13:49 . 2007-12-05 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-05 13:49 . 2007-11-12 17:03 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2007-12-05 12:27 . 2007-12-05 12:27 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-05 08:18 . 2007-12-05 08:18 <DIR> d-------- C:\Program Files\Webroot
2007-12-05 08:18 . 2007-12-05 08:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-05 08:18 . 2007-12-05 08:18 <DIR> d-------- C:\Documents and Settings\COOKIE\Application Data\Webroot
2007-12-05 08:18 . 2007-12-05 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-05 08:18 . 2007-07-19 22:54 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-12-05 08:18 . 2007-07-19 22:42 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-05 08:18 . 2007-07-19 22:42 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-05 08:18 . 2007-07-19 22:42 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-05 08:18 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-12-05 07:58 . 2007-12-05 07:58 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-05 07:57 . 2007-12-05 07:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-01 11:21 . 2007-12-01 11:21 <DIR> d-------- C:\Program Files\iPod
2007-12-01 11:21 . 2007-12-01 11:21 <DIR> d-------- C:\Documents and Settings\COOKIE\Application Data\Apple Computer
2007-12-01 11:21 . 2007-12-12 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-01 11:21 . 2007-12-01 11:21 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-01 11:20 . 2007-12-05 16:25 <DIR> d-------- C:\Program Files\iTunes
2007-12-01 11:19 . 2007-12-01 11:20 <DIR> d-------- C:\Program Files\QuickTime
2007-12-01 11:19 . 2007-12-01 11:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-01 11:19 . 2007-12-01 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-01 11:18 . 2007-12-01 11:18 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-01 11:18 . 2007-12-01 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-21 11:01 . 2007-11-21 17:32 <DIR> d-------- C:\Documents and Settings\COOKIE\Application Data\Yahoo!
2007-11-21 11:01 . 2007-11-21 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-21 11:00 . 2007-11-21 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-21 10:59 . 2007-11-21 11:00 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 13:09 --------- d-----w C:\Program Files\Ricochet Infinity
2007-12-12 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-12 00:25 --------- d-----w C:\Documents and Settings\COOKIE\Application Data\SiteAdvisor
2007-12-12 00:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-11 13:44 --------- d-----w C:\Program Files\McAfee
2007-12-09 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-12-05 21:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-05 21:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-05 21:21 --------- d-----w C:\Program Files\Google
2007-12-05 21:20 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-05 21:15 --------- d-----w C:\Program Files\BAE
2007-12-05 18:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-04 14:05 --------- d-----w C:\Program Files\Star Defender 3
2007-12-04 14:05 --------- d-----w C:\Program Files\GameHouse
2007-12-04 14:04 --------- d-----w C:\Program Files\Gamenext
2007-12-04 14:04 --------- d-----w C:\Program Files\Emerald Tale
2007-12-04 14:04 --------- d-----w C:\Program Files\Bubble Shooter Premium Edition
2007-12-01 16:09 --------- d-----w C:\Documents and Settings\COOKIE\Application Data\LimeWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 23:37 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-10 23:36 363,980 ----a-w C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-18 20:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-17 17:15 73,728 ----a-w C:\WINDOWS\system32\HCPS98Tool.dll
2007-09-17 17:15 524,288 ----a-w C:\WINDOWS\system32\HCPSMng.exe
2007-09-17 17:15 49,152 ----a-w C:\WINDOWS\system32\HCPSST.dll
2007-09-17 17:15 217,088 ----a-w C:\WINDOWS\system32\HCPSTool.dll
2007-08-16 00:08 560 ----a-w C:\Program Files\Global.sw
2006-09-06 21:55 24,192 ----a-w C:\Documents and Settings\COOKIE\usbsermptxp.sys
2006-09-06 21:55 22,768 ----a-w C:\Documents and Settings\COOKIE\usbsermpt.sys
2007-08-24 00:46 88 --sh--r C:\WINDOWS\system32\5EAE1A326E.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 21:35]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 15:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"@"="" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-13 09:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 12:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 12:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 12:50]
"Device Detector"="DevDetect.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-11-03 17:11]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 04:00]

C:\Documents and Settings\COOKIE\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-04 13:07:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-13 08:52:23]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-02-05 18:27:35]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2006-06-20 07:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys
S3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 23:20:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-12 14:26:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-06-15 05:36:12 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-01 06:00:30 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-13 00:47:30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D222FB3C-806B-43D4-9E1B-88C994FC0E2B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-12-11 12:59:18 C:\WINDOWS\Tasks\wrSpySweeper_L21686DA3EC724F25AE7EF3F5CDB201FC.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 20:00:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 20:01:02
.
--- E O F ---

Thanks Iain
 

Attachments

Security Manager, Analyst, Rangemaster, TSF Acade · 39,538 Posts
Hi again Ellie

Looking better – how is your system running now?


Combofix

  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
File::
C:\WINDOWS\system32\908.tmp
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\system32\5EAE1A326E.sys
Looking at the image below as an example

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up re-installing Windows!


Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.



Online Scan
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner

Next Click on Kaspersky Online Scanner


A Welcome screen will appear - click 'Accept' at the bottom. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
  • Extended
Scan Options:
  • Scan Archives
  • Scan Mail Bases
Click OK

Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the name(s) and location(s) of any file(s) it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.



Logs required
c:\combofix.txt
Kaspersky Log
HijackThis Log
 

Registered · 8 Posts · Discussion Starter · #9
Hey Iain

The computer is not running badly, but IE loads very slowly. Judging from the Kaspersky scan, it seems I'm quite infected.

Here is the info you requested.

As always thanks in advance for your kind assistance.

Ellie.


KASPERSKY ONLINE SCANNER REPORT
Sunday, December 16, 2007 11:27:05 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/12/2007
Kaspersky Anti-Virus database records: 484079
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 96522
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:23:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{E576B4F1-51D2-448D-99BC-4F753145DC00}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR26.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\COOKIE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Application Data\SupportSoft\DellSupportCenter\COOKIE\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Temp\sqlite_7bVsI1y7hsgST3f Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Temp\~DF6170.tmp Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\COOKIE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe/data0010 Infected: not-a-virus:FraudTool.Win32.IeDefender.h skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe NSIS: infected - 1 skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe UPX: infected - 1 skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\COOKIE\My Documents\My Music\New Folder\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\COOKIE\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\COOKIE\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\Wonders_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe.vir/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\qoobox\Quarantine\C\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\qoobox\Quarantine\C\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\qoobox\Quarantine\C\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe.vir NSIS: infected - 3 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\UpMedia\SearchTool.dll.vir Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0125676.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\A0127101.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\A0127101.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\A0127101.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\A0127101.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_5wT4BwlBQEOKrt5 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_gC08GHc5ObsIwhY Object is locked skipped
C:\WINDOWS\Temp\mcmsc_hh9g7Cht7MNJe8R Object is locked skipped
C:\WINDOWS\Temp\mcmsc_xQOpAD4TepU1HQ5 Object is locked skipped
C:\WINDOWS\Temp\sqlite_35TVEvAxjMydPLO Object is locked skipped
C:\WINDOWS\Temp\sqlite_jNxOSpXpocA3mYY Object is locked skipped
C:\WINDOWS\Temp\sqlite_xjbUQtuRgJaiuAs Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 

Attachments

Security Manager, Analyst, Rangemaster, TSF Acade · 39,538 Posts
Hi again Ellie

Your logs are looking clean.

Kaspersky only had a couple of things – it shows Windows System files, so don’t worry.

Delete the following Files indicated in RED if they still exist.

C:\Documents and Settings\COOKIE\My Documents\defender-install.exe
C:\Documents and Settings\COOKIE\My Documents\My Music\New Folder\Wicked Remix.wma
C:\Downloads\Wonders_Setup-dm[1].exe

Note: If they prove to be stubborn, you may have to boot to safe mode to delete them.


I’m not seeing anything else – have you received any more warnings or re-directs?
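The Kaspersky report posted above is mostly noise: nearly every line is an "Object is locked skipped" entry for a registry hive, log or index file that the scanner simply could not open, and several of the real hits are copies that ComboFix already moved to C:\qoobox\Quarantine or that live inside System Restore points. The three files named for deletion are the only entries the user can act on directly. The script below is an added example (it is not part of this thread and is not Kaspersky's or ComboFix's code) that parses a report in the line format shown above, drops the locked-object noise, collapses archive members (the `/data0010` and `/stream` suffixes) back to their container file, and sorts the remaining detections into actionable, already-quarantined and restore-point buckets. The sample lines embedded in it are copied from the posted report; the "Infected: <name> <action>" and "<packer>: infected - <n> <action>" line shapes are assumed from that same report.

```python
"""Triage a Kaspersky Online Scanner text report: separate real detections
from "Object is locked" noise and from copies that are already quarantined
or sit inside System Restore points (added example, not the scanner's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LOCKED_SUFFIX = "Object is locked skipped"

# One detection entry, as seen in the posted report (format assumed from it):
#   "<path> Infected: <name> <action>"      e.g. "... Infected: Trojan-Downloader.WMA.Wimad.l skipped"
#   "<path> <packer>: infected - <n> <action>"  e.g. "... NSIS: infected - 1 skipped"
# Paths contain spaces and may carry an archive-member suffix after "/".
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)|(?P<packer>\S+):\s+infected\s+-\s+(?P<count>\d+))"
    r"\s+(?P<action>\S+)$"
)


@dataclass
class Finding:
    path: str
    detection: Optional[str]  # None when the object was locked and never scanned
    action: str


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; returns None for blank lines and headers."""
    line = line.strip()
    if not line:
        return None
    if line.endswith(LOCKED_SUFFIX):
        return Finding(line[: -len(LOCKED_SUFFIX)].strip(), None, "skipped")
    m = ENTRY_RE.match(line)
    if not m:
        return None
    detection = m.group("name") or f"{m.group('packer')} (packed, {m.group('count')} hit(s))"
    return Finding(m.group("path"), detection, m.group("action"))


def parse_report(text: str) -> List[Finding]:
    return [f for f in (parse_line(ln) for ln in text.splitlines()) if f]


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group detections by what the user can actually do about them."""
    buckets: Dict[str, List[str]] = {
        "actionable": [], "quarantined": [], "restore_point": [], "locked": []}
    seen = set()
    for f in findings:
        if f.detection is None:
            buckets["locked"].append(f.path)
            continue
        container = f.path.split("/", 1)[0]  # archive member -> the file on disk
        if container in seen:
            continue  # several hits inside one installer still mean one file to delete
        seen.add(container)
        low = container.lower()
        if "\\qoobox\\quarantine\\" in low:
            buckets["quarantined"].append(container)  # ComboFix already moved it
        elif "\\system volume information\\_restore" in low:
            buckets["restore_point"].append(container)  # cleared by flushing restore points
        else:
            buckets["actionable"].append(container)
    return buckets


# Sample lines copied from the report posted in this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\COOKIE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe/data0010 Infected: not-a-virus:FraudTool.Win32.IeDefender.h skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe NSIS: infected - 1 skipped
C:\Documents and Settings\COOKIE\My Documents\defender-install.exe UPX: infected - 1 skipped
C:\Documents and Settings\COOKIE\My Documents\My Music\New Folder\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Downloads\Wonders_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\qoobox\Quarantine\C\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0125676.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

if __name__ == "__main__":
    for bucket, paths in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{bucket} ({len(paths)}):")
        for p in paths:
            print("   ", p)
```

Run against the full posted report, the actionable bucket comes out as exactly the three files named above; the quarantined and restore-point buckets are the Beginto adware copies that disappear once ComboFix's quarantine is removed and System Restore is flushed, and the locked bucket is the hive, log and index files that are never a sign of infection on their own.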
 

Registered · 8 Posts · Discussion Starter · #11
hey Iain

No more warnings or re-directs, thankfully. I will delete the files if they are still on the system and let you know. I have noticed IE is slow in loading, but I will delete them and then check and report progress.

Many thanks
Ellie
 

TSF-Enthusiast · 923 Posts
Ellieboo,

Glaswegian will not be available for a while, so I will be glad to assist you.

So far, you are doing well!

Press on, and remove the files Glaswegian instructed, and also do the following:

Download ATF Cleaner

Double-click ATF-Cleaner.exe to run the program
Click Select All
Click: Empty Selected

If you use the Firefox browser, click it on the top menu
Next, choose Select All
Click: Empty Selected

NOTE:
If you would like to keep your saved passwords, click 'No' at the prompt.

Click Exit to close the ATF Cleaner program.

~~~~
To make sure there are no Zlob remnants, download SmitfraudFix
Right-click and select Extract all
Save to the Desktop

-Open the SmitfraudFix folder
-Double-click smitfraudfix.cmd
-Select option #1 - Search by typing 1 and press Enter

This program scans large amounts of files on your computer, so please be patient while it works.
When it is done, a log named rapport.txt is created, listing infected files (if present).

~~~~
Now, download the Free Trial version of SuperAntiSpyware Professional
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log (It opens in your default text editor, such as Notepad)


Please provide the SmitfraudFix C:\rapport.txt, and the SuperAntiSpyware log in your reply.
 

Registered · 8 Posts · Discussion Starter · #13
Hi Aaflac

Thank you for responding. Hope all is ok with Iain. I have done as suggested and the logs are attached. I deleted the files as Iain said. Don't know if I'm being "parro" or stuff still needs fixing, but IE still takes a long time to load. Any ideas?

If we do not communicate before Have a wonderful Christmas (If you celebrate the holiday that is).

Thanks much for your help in advance.

Ellie
 

Attachments

TSF-Enthusiast · 923 Posts
On the Internet Explorer issue, there seems to be a hungapp issue. Let’s try the following:

In Internet Explorer, go to Tools > Internet Options
Under Browsing History click on Settings
Click on View Objects
On the list presented, verify there are no Active X controls showing a yellow shield with an exclamation mark.
Right click and remove all the entries that do, and let the latest version reload on re-boot.

Also, Test the Java Virtual Machine (JVM)

Start Internet Explorer.


If no luck:
Go to Start > Run, and copy/paste: control inetcpl.cpl
Click the Advanced tab
Under Browsing, uncheck: Enable third-party browser extensions (requires restart)
Click: apply > OK

Start Internet Explorer, and see how it goes.


Merry Christmas to you also!!
 

Registered · 8 Posts · Discussion Starter · #15
Hi AAflac

I have done as you instructed, but IE still takes a while to load. The last couple of times I tried coming in to reply to you, I got "not responding"; it's hanging, I guess. Any other suggestions?

Thanks in advance

Ellie
 

TSF-Enthusiast · 923 Posts
Let's see if there is anything this program can get rid of:

Please download the Free Trial version of SuperAntiSpyware Professional
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log (It opens in your default text editor, such as Notepad)


Please provide the SuperAntiSpyware log in your reply.
 