
Spyware keeps coming back

Discussion in 'Virus & Other Malware Removal' started by jbartosh, Dec 1, 2007.

  1. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    I was attacked by spyware a month or so ago. I was able to remove most of it on my own using AVG Anti-Spyware, Killbox, HijackThis, and some registry fixes. I am currently using AVG to guard my system, but some of the problems keep coming back again and again. Namely, tiny.id (xoasonqc.exe in the system32 folder) and trojan.agent.aoy (tnypwspg.exe); also hjy.dll and gebyawv.dll, which is particularly irritating, as AVG pops up that it finds it at least twice every boot up. Right now, I have been quarantining the files, as it seems when I set to "permanently remove" they came back quicker. In the infections log of AVG, gebyawv is listed at least twenty times. Since the attack I have noticed other quirks such as pages not loading correctly in Netscape 9 and seemingly slower operation when launching programs (some perhaps due to system resources taken up by AVG and a-squared, which now run in the background). Please let me know if I can completely eliminate these problems and restore my system to its former operating conditions.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:49:19 PM, on 12/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\hp\drivers\keyboard\PS2.EXE
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\Netscape\Navigator 9\navigator.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://weather.noaa.gov/cgi-bin/iwszone?Sites=:wiz007"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\t4u1l1wr.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\t4u1l1wr.slt\prefs.js)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Renovate] C:\WINDOWS\System32\Renovate.exe
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [50e39626] rundll32.exe "C:\WINDOWS\system32\biuvxjgc.dll",b
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Movies Extractor Scout LITE - {A44881AD-79EE-4953-91A5-602B65502B1B} - C:\Program Files\Movies Extractor Scout LITE\flashextract.exe
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\bdsgcfgu.exe (file missing)
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE

    --
    End of file - 5023 bytes
     
  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Hi Welcome to TSG!!

    Run HJT again and put a check in the following:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O4 - HKLM\..\Run: [50e39626] rundll32.exe "C:\WINDOWS\system32\biuvxjgc.dll",b
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\bdsgcfgu.exe (file missing)

    Close all applications and browser windows before you click "fix checked".



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
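
The three entries selected in the reply above are all autostart points, and the pattern they share can be checked mechanically. The following is an added example, not part of the original post and not HijackThis code: a small Python triage over HijackThis log lines. Its rules (Userinit should list only userinit.exe, a Run value with an 8-hex-digit name launching rundll32, a service with an unknown owner and a missing file) are heuristics assumed for this illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [50e39626] rundll32.exe "C:\WINDOWS\system32\biuvxjgc.dll",b
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\bdsgcfgu.exe (file missing)
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code (F2, O4, O23)
    target: str   # program, command line or service the entry points at
    reason: str   # why the entry deserves a manual look


# On Windows XP the Winlogon Userinit value normally holds only this program.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - \S+\\Run: \[([^\]]*)\] (.+)$")
ORPHAN_RE = re.compile(
    r"^O23 - Service: (.+?) - Unknown owner - (.+?) \(file missing\)$"
)
# Assumed heuristic: a Run value whose name is exactly 8 hex digits.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def check_userinit(value: str) -> List[Finding]:
    """Flag every program in the Userinit list other than userinit.exe."""
    findings = []
    for entry in value.split(","):
        path = entry.strip().strip('"')
        if path and path.lower() != DEFAULT_USERINIT:
            findings.append(
                Finding("F2", path, "extra program chained into Winlogon Userinit")
            )
    return findings


def triage(log_text: str) -> List[Finding]:
    """Return autostart entries from a HijackThis log that need manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts indent the log lines

        m = USERINIT_RE.match(line)
        if m:
            findings.extend(check_userinit(m.group(1)))
            continue

        m = RUN_RE.match(line)
        if m:
            name, command = m.group(1), m.group(2)
            if command.lower().startswith("rundll32") and HEX_NAME_RE.match(name.lower()):
                findings.append(
                    Finding("O4", command, "hex-named Run value loading a DLL via rundll32")
                )
            continue

        m = ORPHAN_RE.match(line)
        if m:
            service, image = m.group(1), m.group(2)
            findings.append(
                Finding("O23", f"{service} -> {image}",
                        "service with unknown owner whose file is missing")
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.target}\n     {f.reason}")
```

The script also surfaces the Crypkey License service, which the reply above left unchecked; output of this kind is a review list for a person to judge, not a removal list.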
     
  4. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    ComboFix 07-12-02.6 - Administrator 2007-12-03 14:23:06.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.231 [GMT -6:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Application Data\CURITY~1
    C:\Documents and Settings\Administrator\Application Data\CURITY~1\m?dtc.exe
    C:\Documents and Settings\Administrator\Application Data\WinTouch
    C:\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\My Documents\ASKS~1
    C:\Documents and Settings\Administrator\My Documents\ASKS~1\?asks\
    C:\Documents and Settings\Administrator\My Documents\ASKS~1\dexplore.exe
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
    C:\Program Files\Temporary
    C:\Temp\abW9
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\b128.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\flt.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\bkpptjyi.ini
    C:\WINDOWS\system32\ckxbdloy.dll
    C:\WINDOWS\system32\ctbiiuhw.dll
    C:\WINDOWS\system32\cyukxmvh.dll
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\flywaqov.dll
    C:\WINDOWS\system32\fmvewahv.dll
    C:\WINDOWS\system32\fqwqmbic.exe
    C:\WINDOWS\system32\gebyawv.dll
    C:\WINDOWS\system32\gvsnyftb.dll
    C:\WINDOWS\system32\hjpiysgi.exe
    C:\WINDOWS\system32\iapxjfvh.dll
    C:\WINDOWS\system32\iyjtppkb.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\ljjjgef.dll
    C:\WINDOWS\system32\mabrplsm.exe
    C:\WINDOWS\system32\oghaomcb.dll
    C:\WINDOWS\system32\opnlkll.dll
    C:\WINDOWS\system32\ounmcqgb.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\palinloa.dll
    C:\WINDOWS\system32\pntfcthe.dll
    C:\WINDOWS\system32\pvuxvwfg.dll
    C:\WINDOWS\system32\qqstv.bak1
    C:\WINDOWS\system32\qqstv.bak2
    C:\WINDOWS\system32\qqstv.ini
    C:\WINDOWS\system32\rMa01yy
    C:\WINDOWS\system32\rMa02yy
    C:\WINDOWS\system32\rrwoxljv.dllbox
    C:\WINDOWS\system32\snajoymk.dll
    C:\WINDOWS\system32\sznf.ascii
    C:\WINDOWS\system32\tuvuvvu.dll
    C:\WINDOWS\system32\uuyuqghs.dll
    C:\WINDOWS\system32\voqawylf.ini
    C:\WINDOWS\system32\vtsqq.dll
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\xalxtnff.dll
    C:\WINDOWS\system32\yoldbxkc.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\DomainService
    -------\Network Monitor


    ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
    .

    2007-12-02 20:56 . 2007-12-02 20:56 145,984 --a------ C:\WINDOWS\system32\aljjaene.dll
    2007-12-01 19:21 . 2007-12-03 06:25 794,264 --ahs---- C:\WINDOWS\system32\hkallqpq.ini
    2007-12-01 19:12 . 2007-12-01 19:12 145,984 --a------ C:\WINDOWS\system32\btujskqg.dll
    2007-12-01 17:26 . 2007-12-01 17:26 <DIR> d-------- C:\Program Files\Orbitdownloader
    2007-12-01 17:26 . 2007-12-01 19:10 <DIR> d-------- C:\Downloads
    2007-12-01 17:26 . 2007-12-01 21:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Orbit
    2007-11-30 19:07 . 2007-11-30 19:07 145,984 --a------ C:\WINDOWS\system32\kdgceshr.dll
    2007-11-29 17:38 . 2007-12-01 16:37 795,073 --ahs---- C:\WINDOWS\system32\cgjxvuib.ini
    2007-11-29 17:29 . 2007-11-29 17:29 145,984 --a------ C:\WINDOWS\system32\tifxtmsg.dll
    2007-11-28 17:30 . 2007-11-29 17:30 786,945 --ahs---- C:\WINDOWS\system32\nsahpajw.ini
    2007-11-28 17:28 . 2007-11-28 17:28 145,984 --a------ C:\WINDOWS\system32\lgjkemej.dll
    2007-11-27 16:47 . 2007-11-28 17:28 786,525 --ahs---- C:\WINDOWS\system32\yidgyojo.ini
    2007-11-27 16:42 . 2007-11-27 16:42 145,984 --a------ C:\WINDOWS\system32\jiarcorf.dll
    2007-11-26 09:27 . 2007-11-27 16:42 782,304 --ahs---- C:\WINDOWS\system32\itiufbak.ini
    2007-11-26 09:24 . 2007-11-26 09:24 145,984 --a------ C:\WINDOWS\system32\ihpsggmj.dll
    2007-11-25 09:04 . 2007-11-26 09:22 777,152 --ahs---- C:\WINDOWS\system32\ifkumohy.ini
    2007-11-25 08:55 . 2007-11-25 08:55 145,984 --a------ C:\WINDOWS\system32\idqwsblh.dll
    2007-11-24 08:26 . 2007-11-25 08:53 776,672 --ahs---- C:\WINDOWS\system32\qivnueeg.ini
    2007-11-24 08:22 . 2007-11-24 08:22 145,984 --a------ C:\WINDOWS\system32\gtsaaldh.dll
    2007-11-23 07:56 . 2007-11-24 08:21 773,309 --ahs---- C:\WINDOWS\system32\wtuslbpy.ini
    2007-11-23 07:51 . 2007-11-23 07:51 145,984 --a------ C:\WINDOWS\system32\tjiasrrp.dll
    2007-11-21 19:27 . 2007-11-21 19:27 145,984 --a------ C:\WINDOWS\system32\mbuvlgln.dll
    2007-11-20 19:32 . 2007-11-21 19:32 714,521 --ahs---- C:\WINDOWS\system32\tokscvhg.ini
    2007-11-20 19:28 . 2007-11-20 19:28 145,984 --a------ C:\WINDOWS\system32\jflajcxe.dll
    2007-11-19 19:42 . 2007-12-01 19:27 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-19 19:26 . 2007-11-19 19:26 145,984 --a------ C:\WINDOWS\system32\ggpdsndr.dll
    2007-11-15 10:17 . 2007-11-15 10:17 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-11-14 10:14 . 2007-11-14 10:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SmartFTP
    2007-11-14 10:12 . 2007-11-14 10:12 <DIR> d-------- C:\Program Files\SmartFTP Client
    2007-11-14 10:09 . 2007-11-14 10:10 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
    2007-11-14 09:32 . 2007-11-14 09:32 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-11-09 16:22 . 2007-11-09 16:22 <DIR> d-------- C:\Program Files\ReadPlease 2003
    2007-11-09 07:54 . 2007-11-09 10:17 <DIR> d-------- C:\Program Files\a-squared Free
    2007-11-08 21:07 . 2007-11-08 21:07 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-08 18:10 . 2007-11-08 18:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
    2007-11-08 18:09 . 2007-11-08 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-08 18:09 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-08 18:02 . 2007-11-08 18:03 <DIR> d-------- C:\Program Files\CCleaner
    2007-11-08 17:22 . 2007-11-08 17:22 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-11-08 17:08 . 2007-11-08 21:28 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-11-08 17:02 . 2007-11-08 17:02 15,872 --a------ C:\WINDOWS\system32\ace16win.dll
    2007-11-08 17:02 . 2007-11-08 17:02 11,008 --a------ C:\WINDOWS\absolute key logger.lnk
    2007-11-08 16:48 . 2007-11-08 17:55 43,065 --a------ C:\WINDOWS\acdt-pid72.exe
    2007-11-08 16:42 . 2007-11-08 21:15 <DIR> d--hs---- C:\WINDOWS\WW91ciBVc2VyIE5hbWU
    2007-11-08 16:41 . 2007-11-08 16:41 12 --a------ C:\WINDOWS\system32\din.ip
    2007-11-08 16:41 . 2007-11-08 16:41 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
    2007-11-07 19:28 . 2007-11-07 19:28 <DIR> d-------- C:\Program Files\DAEMON Tools
    2007-11-07 19:25 . 2007-11-07 19:25 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-06 12:29 . 2003-04-30 13:24 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys
    2007-11-06 12:29 . 2007-11-06 12:29 16 --a------ C:\WINDOWS\system32\RgsdData.dat
    2007-11-06 12:29 . 2007-11-06 12:29 16 --a------ C:\WINDOWS\odbctrp.ini
    2007-11-06 11:39 . 2007-11-06 11:39 <DIR> d-------- C:\Program Files\Common Files\Download Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 00:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SopCast
    2007-11-14 16:50 113,536 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-14 15:39 --------- d-----w C:\Program Files\ImgBurn
    2007-11-13 00:36 --------- d-----w C:\Program Files\DVDlab
    2007-11-09 00:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-09 00:38 --------- d-----w C:\Program Files\IntelliMoverDemo
    2007-11-09 00:35 --------- d-----w C:\Program Files\BitTorrent_DNA
    2007-11-09 00:32 --------- d-----w C:\Program Files\WildTangent
    2007-11-09 00:16 --------- d-----w C:\Program Files\McAfee
    2007-11-08 23:42 --------- d-----w C:\Program Files\Norton Utilities
    2007-11-08 22:40 0 ----a-w C:\Program Files\wscript
    2007-11-08 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
    2007-11-08 16:04 --------- d-----w C:\Program Files\mIRC
    2007-10-30 01:29 --------- d-----w C:\Program Files\SopCast
    2007-10-27 00:32 --------- d-----w C:\Program Files\FlexiMusic Composer
    2007-10-22 22:36 --------- d-----w C:\Program Files\DVDInfoPro
    2007-10-19 02:19 --------- d-----w C:\Program Files\WinAVIVideoConverter
    2007-10-15 00:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ImgBurn
    2007-10-13 21:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
    2007-10-13 02:22 --------- d-----w C:\Program Files\DivX
    2007-10-12 22:16 --------- d-----w C:\Program Files\BitTorrent
    2007-10-12 01:39 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-06 18:38 --------- d-----w C:\Program Files\SWiSH v2.0
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356F73FF-4DF1-40C0-A154-98228245CB7E}]
    C:\Program Files\Windows Media Player\merozeke555077.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
    C:\WINDOWS\system32\aivskurq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B088AA3D-6580-4D23-DA29-3EE671830892}]
    C:\WINDOWS\system32\hjy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-03-03 17:44 C:\WINDOWS\system32\nview.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 01:56]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 00:11]
    "WCOLOREAL"="C:\Program Files\Coloreal\coloreal.exe" [2002-11-26 18:14]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
    "Renovate"="C:\WINDOWS\System32\Renovate.exe" [1999-07-29 11:22]
    "PS2"="C:\hp\drivers\keyboard\PS2.EXE" [2002-10-16 16:57]
    "DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 10:41]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Shortcut to rise.lnk - C:\Mcam8\crack\rise.EXE [2006-03-22 18:00:42]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rrwoxljv]
    rrwoxljv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]
    winbjv32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^TA_Start.lnk]
    path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TA_Start.lnk
    backup=C:\WINDOWS\pss\TA_Start.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
    backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2007-10-12 16:16 286016 --a------ C:\Program Files\BitTorrent_DNA\dna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
    C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iaes]
    C:\DOCUME~1\ADMINI~1\MYDOCU~1\ASKS~1\dexplore.exe -vt yazb

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
    C:\Program Files\Insider\Insider.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup 1.0.1]
    2002-08-27 15:15 3014656 --a--c--- C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LapLink Scheduler]
    2001-09-06 14:51 126976 --a--c--- C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe /STARTMONITOR

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]
    2001-08-11 11:24 73728 --a--c--- C:\Program Files\Microangelo\muamgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\xnpnctm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
    C:\Program Files\WinAble\winable.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
    C:\WINDOWS\winshow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
    C:\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{39-96-68-89-ZN}]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\T0CHD001.exe CHD001

    R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
    R1 TSIMSF5;Traveling Software Mouse Filter Driver;C:\WINDOWS\system32\drivers\TSIMSF5.sys
    R2 TSIREGMO;tsiregmo;C:\WINDOWS\system32\drivers\tsiregmo.sys
    R2 TSISER;TSISER;C:\WINDOWS\system32\drivers\TSISER.sys
    R2 TSISTRMX;Traveling Software Stream Driver;C:\WINDOWS\system32\drivers\TSISTRMX.sys
    R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
    R3 EvcapMaui;Emuzed EvcapMaui Device;C:\WINDOWS\system32\DRIVERS\EvcapMau.sys
    R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
    S1 TSIRCINK;Traveling Software Install Driver;C:\WINDOWS\system32\drivers\TSIRCINK.sys
    S1 tsircmir;LapLink Mirror Driver Miniport;C:\WINDOWS\system32\Drivers\trircmir.sys
    S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys
    S3 GrooveInstallerService;Groove Installer Service;C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
    S3 PCDRDRV;Pcdr Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys

    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-03 14:43:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-03 14:46:47 - machine was rebooted
    .
    --- E O F ---
     
  5. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:48:03 PM, on 12/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\hp\drivers\keyboard\PS2.EXE
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://weather.noaa.gov/cgi-bin/iwszone?Sites=:wiz007"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\t4u1l1wr.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\t4u1l1wr.slt\prefs.js)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {356F73FF-4DF1-40C0-A154-98228245CB7E} - C:\Program Files\Windows Media Player\merozeke555077.dll (file missing)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
    O2 - BHO: (no name) - {B088AA3D-6580-4D23-DA29-3EE671830892} - C:\WINDOWS\system32\hjy.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Renovate] C:\WINDOWS\System32\Renovate.exe
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
    O9 - Extra button: Movies Extractor Scout LITE - {A44881AD-79EE-4953-91A5-602B65502B1B} - C:\Program Files\Movies Extractor Scout LITE\flashextract.exe
    O20 - Winlogon Notify: rrwoxljv - rrwoxljv.dll (file missing)
    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE

    --
    End of file - 7382 bytes
     
  6. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.


    Next


    Please perform a scan with Kaspersky Webscan Online Virus Scanner

    1. Read the Requirements and Privacy statement, then select "Accept".
    2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    4. When the download is complete it will say ready, click "Next".
    5. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    7. Click "OK".
    8. Under "Select a target to scan", click on "My Computer".
    9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
     
  7. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/04/2007 at 12:17 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 03:23:26

    Memory items scanned : 382
    Memory threats detected : 0
    Registry items scanned : 8180
    Registry threats detected : 0
    File items scanned : 213202
    File threats detected : 4

    Adware.ClickSpring-Variant
    C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\ASKS~1\DEXPLORE.EXE.VIR

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE.VIR

    Adware.RAC
    C:\WINDOWS\ACDT-PID72.EXE
     
  8. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:29:11 PM, on 12/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\hp\drivers\keyboard\PS2.EXE
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Netscape\Navigator 9\navigator.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://weather.noaa.gov/cgi-bin/iwszone?Sites=:wiz007"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\t4u1l1wr.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\t4u1l1wr.slt\prefs.js)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {356F73FF-4DF1-40C0-A154-98228245CB7E} - C:\Program Files\Windows Media Player\merozeke555077.dll (file missing)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
    O2 - BHO: (no name) - {B088AA3D-6580-4D23-DA29-3EE671830892} - C:\WINDOWS\system32\hjy.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Renovate] C:\WINDOWS\System32\Renovate.exe
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
    O9 - Extra button: Movies Extractor Scout LITE - {A44881AD-79EE-4953-91A5-602B65502B1B} - C:\Program Files\Movies Extractor Scout LITE\flashextract.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: rrwoxljv - rrwoxljv.dll (file missing)
    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE

    --
    End of file - 7285 bytes
     
  9. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {356F73FF-4DF1-40C0-A154-98228245CB7E} - C:\Program Files\Windows Media Player\merozeke555077.dll (file missing)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
    O2 - BHO: (no name) - {B088AA3D-6580-4D23-DA29-3EE671830892} - C:\WINDOWS\system32\hjy.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O20 - Winlogon Notify: rrwoxljv - rrwoxljv.dll (file missing)
    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Please post the Kaspersky log when you are finished running it.
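
The entries checked in the post above are the O2 (BHO) and O20 (Winlogon Notify) lines of the 12/4 log that HijackThis marked "(no file)" or "(file missing)". As an added example (not part of the thread, and the selection rule is inferred from the list rather than stated by the poster), this Python script picks those leftovers out of a log and compares two scans; the function names are hypothetical and the sample lines are excerpts of the logs on this page.

```python
import re

# "<section> - <details>", e.g. "O2 - BHO: ..." or "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis prints when an entry has no file on disk behind it.
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts copied from the 12/3 and 12/4 HijackThis logs in this thread.
LOG_DEC3 = r"""
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O20 - Winlogon Notify: rrwoxljv - rrwoxljv.dll (file missing)
"""

LOG_DEC4 = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {B088AA3D-6580-4D23-DA29-3EE671830892} - C:\WINDOWS\system32\hjy.dll (file missing)
O4 - HKLM\..\Run: [Renovate] C:\WINDOWS\System32\Renovate.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rrwoxljv - rrwoxljv.dll (file missing)
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
"""


def parse_log(text):
    """Return one dict per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m is None:
            continue
        section, details = m.group(1), m.group(2)
        marker = ORPHAN_RE.search(details)
        clsid = CLSID_RE.search(details)
        # Identity used to compare scans: the CLSID when there is one, otherwise the
        # text without the orphan marker, so the key is stable if the file reappears.
        if clsid:
            ident = clsid.group(0).lower()
        else:
            ident = ORPHAN_RE.sub("", details).rstrip(" -").lower()
        entries.append({
            "section": section,
            "key": f"{section}:{ident}",
            "details": details,
            "orphan": marker.group(1).lower() if marker else None,
        })
    return entries


def orphaned(entries, sections=("O2", "O20")):
    """Entries in the given sections whose referenced file is absent."""
    return [e for e in entries if e["orphan"] and e["section"] in sections]


def disappeared(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    still_there = {e["key"] for e in after}
    return [e for e in before if e["key"] not in still_there]


if __name__ == "__main__":
    dec4 = parse_log(LOG_DEC4)
    for e in orphaned(dec4):
        print("leftover:", e["section"], "-", e["details"])
    for e in disappeared(parse_log(LOG_DEC3), dec4):
        print("gone since 12/3:", e["section"], "-", e["details"])
```

The default sections leave out O23, matching the post, which does not check the "Crypkey License" service even though its file is also missing.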
     
  10. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    Kaspersky virus scanner always stalls at about 4 or 5 percent. Is there an alternative? I am using IE 7, I don't like IE and would never use it, I downloaded it to use the Kaspersky scanner, please let me know if there is an alternative, if it is web-based, something that is Netscape friendly would be better.
     
  11. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click ALL
    • In the Win32 Services group click ALL
    • In the Driver Services group click ALL
    • In the Registry group click ALL
    • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is UNCHECKED
    • In the File String Search group select ALL
    • In the Additional scans section please select ALL
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
    Please post the resulting log here as an attachment.

    • Click on the orange Post a Reply! button
    • scroll down to Manage Attachments
    • Click in the box that says Upload File from your Computer
    • Click the Browse... button and find the file then click open
    • Click the Upload button
    • Wait until you see Current Attachment and your file name
    • Click on Close this window
    • Then submit the reply.
     
  12. jbartosh

    jbartosh Thread Starter

    Joined:
    Dec 1, 2007
    Messages:
    7
    attached
     

    Attached Files:

  13. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Did you install absolute key logger on your machine?
     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You can change those risky default settings to a safer configuration, but the act of downloading files from an anonymous source greatly increases your exposure to infection.

    Go to add/remove programs and remove all P2P programs from your machine!


    Disable SUPERAntiSpyware before you run this fix.


    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

    I will review the information when it comes back in.

    Please perform a scan with Kaspersky Webscan Online Virus Scanner

    1. Read the Requirements and Privacy statement, then select "Accept".
    2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    4. When the download is complete it will say ready, click "Next".
    5. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    7. Click "OK".
    8. Under "Select a target to scan", click on "My Computer".
    9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
     
Short URL to this thread: https://techguy.org/658011