  1. shelldy

    shelldy Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    3
    Hey,

    Please help. I have tried a fix that was posted on your forum from MFDnNC regarding a [email protected] trojan. I downloaded the file www.techsupportforum.com/sect...s/ComboFix
    and followed the prompts. The log is below. Then I tried running a SAS free home version scan, it found no viruses. But I continue to get a small flashing blue shield that intermittently flashes a red x. I continue to get a pop up message that has a yellow triangle with a black exclamation point titled System Alert. Antivir gear pops up. Currently I'm running F secure scan wizard and it has detected one virus. I currently am running on Win XP. Is there anything else I need to do?

    ComboFix 07-11-01.1** - Shell Day 2007-11-02 19:05:13.1 - FAT32x86
    Running from: C:\Documents and Settings\Shell Day\Local Settings\Temporary Internet Files\Content.IE5\G963SLYN\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn-new.htmlx
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\000A8E52
    C:\Program Files\MyWebSearch\bar\Cache\001068BA
    C:\Program Files\MyWebSearch\bar\Cache\013638C5
    C:\Program Files\MyWebSearch\bar\Cache\01364695.bin
    C:\Program Files\MyWebSearch\bar\Cache\01365D81.bin
    C:\Program Files\MyWebSearch\bar\Cache\013664FA.bin
    C:\Program Files\MyWebSearch\bar\Cache\01366AA6.bin
    C:\Program Files\MyWebSearch\bar\Cache\01367142.bin
    C:\Program Files\MyWebSearch\bar\Cache\06586AA8.bin
    C:\Program Files\MyWebSearch\bar\Cache\06587216.bin
    C:\Program Files\MyWebSearch\bar\Cache\0658781D.bin
    C:\Program Files\MyWebSearch\bar\Cache\06587EA5.bin
    C:\Program Files\MyWebSearch\bar\Cache\243110B8
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\Program Files\MyWebSearch

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
    .

    2007-11-02 18:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-01 22:52 <DIR> d--hs---- C:\FOUND.007
    2007-11-01 10:03 <DIR> d-------- C:\Program Files\VirusRanger
    2007-11-01 09:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-01 09:13 <DIR> d-------- C:\Program Files\Video Add-on
    2007-10-10 08:19 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-28 13:18 20,528 ----a-w C:\Documents and Settings\Shell Day\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-08 13:46 --------- d-----w C:\Program Files\FrostWire
    2007-09-25 13:12 --------- d-----w C:\Program Files\iTunes
    2007-09-25 13:12 --------- d-----w C:\Program Files\iPod
    2007-09-25 13:10 --------- d-----w C:\Program Files\Common Files\Apple
    2007-09-25 13:01 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-25 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 13:12 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 13:12 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 13:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 13:12 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 13:12 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 13:12 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
    C:\Program Files\Video Add-on\isfmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

    [HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

    [HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 04:28]
    "F-Secure Manager"="C:\Program Files\WildBlue Security Center\Common\FSM32.exe" [2005-10-25 20:51]
    "F-Secure TNB"="C:\Program Files\WildBlue Security Center\TNB\TNBUtil.exe" [2005-07-18 09:51]
    "F-Secure Startup Wizard"="C:\Program Files\WildBlue Security Center\FSGUI\FSSW.exe" [2005-10-18 03:29]
    "News Service"="C:\Program Files\WildBlue Security Center\FSGUI\ispnews.exe" [2005-05-31 07:45]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-23 10:16]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\Shell Day\Start Menu\Programs\Startup\
    V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 11:32:10]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    WildBlue Security Center.lnk - C:\Program Files\WildBlue Security Center\backweb\4247706\Program\fspex.exe [2007-07-16 16:15:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}"= C:\WINDOWS\system32\wbeconm.dll [ ]
    "{41591d7f-9e25-4bd0-af53-9908fcf3a738}"= C:\WINDOWS\system32\yneid.dll [2005-04-29 22:28 12800]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R2 BackWeb Plug-in - 4247706;WildBlue Security Center;C:\PROGRA~1\WILDBL~1\backweb\4247706\Program\SERVIC~1.EXE
    R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\WildBlue Security Center\Anti-Virus\Win2K\FSfilter.sys
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\WildBlue Security Center\Anti-Virus\Win2K\FSgk.sys
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\WildBlue Security Center\Anti-Virus\Win2K\FSrec.sys
    R2 WUSB54GSCSVC;WUSB54GSCSVC;"C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe"
    R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys
    S3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys
    S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{985fb151-a03d-11da-b910-ffd282a2ebda}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    *Newly Created Service* - GTNDIS5
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-03 00:05:22 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    "2007-11-02 08:00:04 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
    - C:\Program Files\SpywareRemover\SpywareRemover.exe
    "2007-10-31 14:08:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 19:29:17
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 19:33:27 - machine was rebooted
    .
    --- E O F ---
     
  2. shelldy

    shelldy Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    3
    Hey my computer saviors,

    Please save my computer. I had this nasty yellow triangle with an ! blinking and telling me that I had some type of spyware virus. I logged onto your site and ran a fix, combofix (this was from someone else's post). The report is below. I also ran a scan from superantispyware, nothing was found. Then I ran an F secure scan, it found one virus, quarantined that and then deleted it. Then I ran an AVG virus scan, it found nothing. But I am still getting a blue shield with a red flashing x saying that I have several files affected with spyware. My computer seems to be working fine, but the pop-up balloon is making me nervous. I know I need to run a Hijack This program, but I don't know how to do it.

    Can you please help me? My system runs on Win XP. Thanks in advance.

     
  3. shelldy

    shelldy Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    3
    I also have just completed a HijackThis scan. Here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:41:53 AM, on 11/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\WILDBL~1\backweb\4247706\Program\SERVIC~1.EXE
    C:\Program Files\WildBlue Security Center\Anti-Virus\fsgk32st.exe
    C:\Program Files\WildBlue Security Center\Anti-Virus\FSGK32.EXE
    C:\Program Files\WildBlue Security Center\backweb\4247706\program\fsbwsys.exe
    C:\Program Files\WildBlue Security Center\Common\FSMA32.EXE
    C:\Program Files\WildBlue Security Center\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\WildBlue Security Center\Common\FSMB32.EXE
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
    C:\Program Files\WildBlue Security Center\Common\FCH32.EXE
    C:\Program Files\WildBlue Security Center\Common\FAMEH32.EXE
    C:\Program Files\WildBlue Security Center\Anti-Virus\fsqh.exe
    C:\Program Files\WildBlue Security Center\Anti-Virus\fsrw.exe
    C:\Program Files\WildBlue Security Center\backweb\4247706\Program\fspex.exe
    C:\Program Files\WildBlue Security Center\FWES\Program\fsdfwd.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\WildBlue Security Center\Common\FSM32.EXE
    C:\Program Files\WildBlue Security Center\FSGUI\ispnews.exe
    C:\Program Files\WildBlue Security Center\Anti-Virus\fsav32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\WILDBL~1\ANTI-S~1\fsaw.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WildBlue Security Center\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Downloads\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.academicplanet.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\WildBlue Security Center\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\WildBlue Security Center\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\WildBlue Security Center\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\WildBlue Security Center\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WildBlue Security Center.lnk = C:\Program Files\WildBlue Security Center\backweb\4247706\Program\fspex.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\WildBlue Security Center\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\WildBlue Security Center\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\WildBlue Security Center\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PlanetChat - {3CC5921E-A77D-4CA6-9195-4F87C88BC968} - http://www.academicplanet.com/chat2.asp (file missing) (HKCU)
    O9 - Extra button: PageMagic - {A7328D0B-8570-4806-8B5B-4CFB8166EDFB} - http://www.academicplanet.com/pagebuilder.asp (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.academicplanet.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114834431050
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: WildBlue Security Center (BackWeb Plug-in - 4247706) - BackWeb Technologies Inc. - C:\PROGRA~1\WILDBL~1\backweb\4247706\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\WildBlue Security Center\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\WildBlue Security Center\backweb\4247706\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\WildBlue Security Center\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\WildBlue Security Center\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe (file missing)
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,269
    Hi and welcome to TSG,

    I've merged both threads together in order to get the HijackThis log.


    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.


    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non-infected computer will remove your Desktop background.
     
Short URL to this thread: https://techguy.org/647112