Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop drivers dvd email error excel excel 2003 firefox hard drive hardware hdmi hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem processor recovery router safe mode screen slow sound spyware trojan vba video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: Windows Reverting Back

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
29-May-2009, 06:19 AM #1
Windows Reverting Back
Hello,

Sorry to bother, could someone please help out?

My computer has gotten slowly all of a sudden during the last 2 weeks.

It takes several minutes when trying to open/rename/copy/move/deletes folders/files, and even longer when emptying the recycle bin. Same goes with opening some programs especially FireFox & Winamp.

I also keep getting this message "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience" It crashes every time I try to play certain videos, copying or moving files.

For the last couple years, I kept getting the message "Your system is low on virtual memory" My current memory is 256MB of RAM, I will buy another bar of RAM soon, still it's not an excuse for the sudden slowness, especially when I don't have powerful programs that requires the upgrade.

I have scanned with SpySweeper and Panda, both detected malware, unfortunately no fixing was done since both require payment to do so.

I scanned then with Ad-Aware, Spybot and AVG and fixed whatever they found.

I do have a log of Panda and screencap of SpySweeper, so if HJT log fails to be useful, I will provide the other 2 logs if requested.

I hope I provided enough information, and many thanks for taking the time to help out!





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:39 PM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iRotate\iRotate.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft messenger] imsnger.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Loader] wmloader.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Schedule] sched.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [svnlito32] svnlito32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svnlito32] svnlito32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')
O4 - Startup: Power-Antivirus-2009.lnk = C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe
O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe
O4 - Global Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pm ai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpi nion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\Pre mierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Socks-Cap (Sc32Inch) - Unknown owner - C:\WINDOWS\Sc32Inch.exe (file missing)
O23 - Service: Windows Event Services (SERVICE32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6362 bytes
Register for free to hide this ad!
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
27-Jun-2009, 04:56 AM #2
Windows Reverting Back
Hello,

Could someone please help out? I'm not sure how to explain this problem, but for several months now I have been experiencing weird problems, sometimes when I reboot the Computer's date/clock goes back to 2002 and just a few weeks ago, the whole Windows system reverted back to it's old style, I have to associate files, folders are protected and my D drive vanished, it's just like how I first bought it, the first time it happened I manged to get back my current settings when I rebooted it once, but yesterday I had to unplug cables and reboot it twice till I got my current settings, both my computer and Internet seem to be slow as well, I already posted about that in here, but didn't get any replies, I thought maybe my HJT log was clean.

This time I scanned with "Malwarebytes' Anti-Malware" and "SUPERAntiSpyware" then scanned with "HiJackThis" I'm going to paste these 3 logs results, so hopefully someone might be able to define the problem this time. Thanks a lot!

-------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

6/26/2009 8:04:45 AM
mbam-log-2009-06-26 (08-04-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200256
Time elapsed: 1 hour(s), 12 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20d5 7a66-f7df-467d-907b-9b7f4a118ab7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{20d57a66-f7df-467d-907b-9b7f4a118ab7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITO R (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SERVICE32 (Backdoor.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sc32Inch (Backdoor.Sdbot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks\{20d57a66-f7df-467d-907b-9b7f4a118ab7} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\winsysban12.exe (Trojan.Agent) -> No action taken.

-------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2009 at 08:07 AM

Application Version : 4.26.1006

Core Rules Database Version : 3959
Trace Rules Database Version: 1901

Scan type : Complete Scan
Total Scan Time : 02:56:49

Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 6927
Registry threats detected : 6
File items scanned : 125700
File threats detected : 71

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager.edgesuite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@s03.flagcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sixapart.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.dragonstar.dmoglobal[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediafire[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@smartadserver[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@click-power[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.click-power[2].txt
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
www7.addfreestats.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
usawarez.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
usawarez.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.paypal.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.indigio.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.quill.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
find.franklin.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.franklinelectronicpublishers.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.buycom.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
traffic.buyservices.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
www.clickxchange.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.ice.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
.stats.paypal.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]

Adware.Elite Media
HKLM\Software\elite
HKLM\Software\elite#check
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#{9AC54695-69A4-46F1-BE10-10C74F9520D5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downlo aded Program Files\elite.ocx [  ]
C:\WINDOWS\elitemediagroup.ini

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OAQC5ECM\TELLER2[1].HTM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KDABW923\TELLER2[1].HTM

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\T5RDV.DLL
C:\WINDOWS\SYSTEM32\ECESQ.DLL

Adware.DollarRevenue
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OAQC5ECM\smartload_stats[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WD6RC1IV\smartload_stats[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_stats[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_d[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WD6RC1IV\smartload_stats[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_stats[3].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload[3].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_stats[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload_stats[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OAQC5ECM\smartload_stats[2].htm

Trace.Known Threat Sources
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\a272a970[1].js
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\checkin[2].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OAQC5ECM\init[1].js
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WD6RC1IV\prompt_ie_win[1].js

-------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:15 AM, on 6/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iRotate\iRotate.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft messenger] imsnger.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Loader] wmloader.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Schedule] sched.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [svnlito32] svnlito32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svnlito32] svnlito32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')
O4 - Startup: Power-Antivirus-2009.lnk = C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe
O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe
O4 - Global Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pm ai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpi nion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\Pre mierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6950 bytes
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
03-Jul-2009, 10:06 AM #3
Download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator".)
__________________
Microsoft MVP/Windows - Consumer Security
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
04-Jul-2009, 09:45 PM #4
Hello cybertech,

Thank you for taking the time to help out!




Malwarebytes' Anti-Malware 1.38
Database version: 2370
Windows 5.1.2600 Service Pack 2

7/4/2009 8:02:45 AM
mbam-log-2009-07-04 (08-02-45).txt

Scan type: Quick Scan
Objects scanned: 91832
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bb.exe (Trojan.Agent) -> Quarantined and deleted successfully.






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 04, 2009 10:36:29
Records in database: 2425951
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 128675
Threat name: 7
Infected objects: 67
Suspicious objects: 0
Duration of the scan: 10:05:41


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\i.bac_a03140 Infected: Trojan-Downloader.BAT.Ftp.ab 1
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\o.bac_a03140 Infected: Trojan-Downloader.BAT.Ftp.ab 1
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\YazzleBundle-1125.exe.bac_a03140 Infected: Trojan.Win32.Scapur.k 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP1.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP2.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP3.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP4.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP5.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP6.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP7.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP8.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP9.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP10.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP11.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP12.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP13.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP14.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP15.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP16.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP17.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP18.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP19.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP20.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP21.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP22.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP23.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP24.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP25.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP26.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP27.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP28.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP29.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP30.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP31.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP32.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP33.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP34.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP35.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP36.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP37.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP38.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP39.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP40.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP41.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP42.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP43.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP44.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP45.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP46.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP47.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP48.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP49.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP50.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP51.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP52.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP53.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP54.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP55.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP56.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP57.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP58.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP59.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
C:\Sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Sysreset\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
D:\Softwares & Misc\Sotwares\flvtomp4converter_setup.exe Infected: Trojan-Downloader.Win32.Delf.uhr 1
D:\Softwares & Misc\[[CHECK]]\Share10_ex2.zip Infected: not-a-virus:Client-P2P.Win32.Share.a 1

The selected area was scanned.
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
05-Jul-2009, 01:03 PM #5
I would delete these two items:
D:\Softwares & Misc\Sotwares\flvtomp4converter_setup.exe Infected: Trojan-Downloader.Win32.Delf.uhr 1
D:\Softwares & Misc\[[CHECK]]\Share10_ex2.zip Infected: not-a-virus:Client-P2P.Win32.Share.a 1



Empty the Norton AntiVirus Quarantine, no need to keep those hanging around.



Please post your hijackthis log again and let me know if you are still having problems.
__________________
Microsoft MVP/Windows - Consumer Security
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
05-Jul-2009, 02:34 PM #6
Thanks for the help!

-I deleted the 2 items.
-I wasn't sure how to empty the quarantine since I don't have NAV installed anymore, so I deleted the folder, I hope that was ok?




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:10 PM, on 7/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iRotate\iRotate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft messenger] imsnger.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Media Loader] wmloader.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Schedule] sched.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [svnlito32] svnlito32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svnlito32] svnlito32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')
O4 - Startup: Power-Antivirus-2009.lnk = C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe
O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe
O4 - Global Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pm ai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpi nion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\Pre mierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7058 bytes
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
06-Jul-2009, 11:14 AM #7
Please download this from Microsoft and run it on your computer
Filename: WGADiag2.exe
http://go.microsoft.com/fwlink/?linkid=52012

Press "Copy to clipboard" and then you can paste to Wordpad and post to this thread
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
06-Jul-2009, 04:48 PM #8
Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-4RHJG-83M4Y-7X9GW
Windows Product Key Hash: 5CG2aCaHENU8LMWFFoQ/184emQ0=
Windows Product ID: 55274-649-6478953-23289
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {8C67087F-D47A-41DC-904A-7367388B3F3A}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 3
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office FrontPage 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8C67087F-D47A-41DC-904A-7367388B3F3A}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7X9GW</PKey><PID>55274-649-6478953-23289</PID><PIDType>1</PIDType><SID>S-1-5-21-515967899-630328440-839522115</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>D845PESV</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>SV84510A.86A.0006.P02.0208220046</Version><SMBIOSVersion major="2" minor="3"/><Date>20020822000000.000000+000</Date></BIOS><HWID>FBF13A4701842042</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Arab Standard Time(GMT+03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57715</Pid><PidType>14</PidType></Product><Product GUID="{90170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>5EA9C3672EB0500</Val><Hash>GZD+9sfb5ecL3RxyV4F75a86u2M=</Hash><Pid>72079-640-0000106-55175</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="17" Version="11" Result="100"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4C51:Compaq Computer Corporation|1A4F1:GENUINE C&C INC|4C51:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
06-Jul-2009, 07:26 PM #9
This installation of windows is being blocked which usually means it is not a legal install.
It is using a volume licence key.
Where did it come from?

Go to Start
All Programs
Accessories
System Tools
Activate Windows

If available, follow the prompts to Activate Windows. If the installation was done from someone else's CD, I would suggest you backup all your documents and personal items, and restore the computer back to factory settings. It isn't wise to keep non-genuine installations.
__________________
Microsoft MVP/Windows - Consumer Security
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
06-Jul-2009, 10:23 PM #10
I don't see Activate Windows.

I knew you were gonna ask this, I actually added a note in my previous post, but decided to delete it, and see what you're gonna say first.

I have always had a legal copy of XP, until one day when my computer got infected with virus, at that time I didn't know of TSG forum and NAV was almost useless in solving the problems, so the repair guy formatted my PC and obviously replaced it with a pirate copy, I didn't realize so, until months later when I tried to download something from Microsoft site and the validation didn't work.

Now, I would like to get a legal copy, but the idea of moving my files just discourages me, especially the softwares that I installed.

I might be able to move my files (videos & zips) to my external HD, but can I install a legal copy without losing the settings/softwares I installed already? like video codecs, iTunes, AVG, etc... not to mention having my PC recognize USB devices e.g. scanner, memory sticks, ebook reader, etc...?

If it's not too much trouble, could you please shed some lights on this matter? much appreciated!

Thank you so much for taking the time to solve this problem.
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
07-Jul-2009, 11:45 AM #11
It's unfortunate that you got caught in this situation, as happens to so many people who are not aware their systems are not genuine after being repaired.


Here is a forum where they can try and assist you: http://social.microsoft.com/forums/e...owsxp/threads/



Also for what it's worth you would be better off doing a format and reload on this machine which will not save your downloaded programs or data but you will have a clean OS to start fresh with.
__________________
Microsoft MVP/Windows - Consumer Security
Zainin's Avatar
Computer Specs
Junior Member with 9 posts.
  
Join Date: Jun 2007
Experience: Beginner
07-Jul-2009, 03:05 PM #12
Thank you cybertech, you have been such a great help!

I will be checking out the Microsoft forum shortly.

Thank you so much! ^_^
cybertech's Avatar
Computer Specs
Moderator with 68,253 posts.
  
Join Date: Apr 2002
Location: Washington State
08-Jul-2009, 05:41 PM #13
You're welcome. Good luck.
Closed Thread Bookmark and Share

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 05:08 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.