[Sekaidus]

running off of the command line version I get ...is not recognized as an internal or external command, operable program or batch file.
I'm gonna dl the user interface version.

[Sekaidus]

that worked.

11/28/06 19:50:14 [Info]: BlackLight Engine 1.0.47 initialized
11/28/06 19:50:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/28/06 19:50:14 [Note]: 7019 4
11/28/06 19:50:14 [Note]: 7005 0
11/28/06 19:50:18 [Note]: 7006 0
11/28/06 19:50:18 [Note]: 7011 1768
11/28/06 19:50:18 [Note]: 7026 0
11/28/06 19:50:18 [Note]: 7026 0
11/28/06 19:50:26 [Note]: FSRAW library version 1.7.1020
11/28/06 19:53:51 [Note]: 2000 1012
11/28/06 19:55:01 [Note]: 7007 0

[Sekaidus]

Thinking back on it, I believe it was the panda scan that recognized the rootkit.

[Sekaidus]

To me this seems like an advert, but it was panda that found a rootkit. The #'s quadrupled.

Incident Status Location

Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/awtqo.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/awtsq.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/awvtt.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ddabb.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ddcyv.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/geebc.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/jkhfe.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/jkkll.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/mllmj.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/mllmm.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/mllmn.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/pmnnm.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ssqrq.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ssqrr.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ssttq.dll]
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/ssttt.dll]
Virus:Trj/Nebule.A Disinfected C:\avenger\backup.zip[avenger/winmbj32.dll]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bluestreak[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cgi-bin[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@counter.hitslink[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@drivecleaner[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-dig.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hc2.humanclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hitbox[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hotlog[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@i.screensavers[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@landing.domainsp onsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@searchportal.inf ormation[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@spylog[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats.driveclean er[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrends live[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tucows[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.systemdoctor[1].txt
Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.virusburster s[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\New Folder\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\New Folder\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\sUBs\TSF\swreg.exe
Possible Virus. Not disinfected C:\VundoFix Backups\vtsqr.dll.bad
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

[Sekaidus]

I somehow glossed over your last set of instructions. Seemingly, by far the easiest explination ultimately was the correct one. Somthing I'd disabled at startup was the culprit.
Thx D

[dvk01]

there is nothing showing bad in the panda log

all it finds are those that have been deleted and in backup folders

if everything is OK now then

Turn off system restore by following instructions here
http://www.thespykiller.co.uk/forum/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

and pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

[Sekaidus]

Everything does seem OK. Though I don't like the Explorer 7point setup.

[dvk01]

Sorry can you explain

if you don't want IE7 yet then say no when it offers it

It's not compulsory but I do recommend it as it is better than IE6 on XP & somewhat less vulnerable to many avenues of attack