Vundo Virtumonde returning HJT log included


rustedhalo

Thread Starter
Joined
Oct 24, 2007
Messages
7
OK, so I was getting help from MFDnNC and they were quite helpful until I guess their privs were removed. So I'm reposting my logs here in hopes of getting further help.

My initial HJT log, followed by a ComboFix log, then a SUPERAntiSpyware log, and then a HJT log I ran after a reboot. Thanks in advance for any and all help provided.



Logfile of HijackThis v1.99.1
Scan saved at 4:08:18 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Teoe] "C:\WINDOWS\MCROSO~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F68F2710-8E7A-4C42-965D-5F827583C974}: NameServer = 192.168.2.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe




--------------------------------------ComboFix Log----------------------------------------



ComboFix 07-10-25.1 - RUST3DHAL0 2007-10-26 16:11:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1300 [GMT -7:00]
Running from: C:\Documents and Settings\RUST3DHAL0\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-24 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-24 20:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-24 20:06 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\SUPERAntiSpyware.com
2007-10-24 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 17:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-10-23 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-22 18:35 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-22 18:25 35,328 --a------ C:\WINDOWS\system32\qommnlm.dll
2007-10-22 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-22 16:37 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\PC Tools
2007-10-22 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-22 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-22 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-22 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-10-22 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-22 14:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-22 14:50 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-22 14:50 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-22 14:50 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-21 16:37 <DIR> d-------- C:\Program Files\LucasArts
2007-10-21 16:33 34,304 --a------ C:\WINDOWS\system32\mljkllk.dll
2007-10-21 16:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\My Games
2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
2007-10-07 23:18 <DIR> d-------- C:\Program Files\id Software
2007-10-03 19:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-09-26 22:53 <DIR> d-------- C:\Program Files\iTunes
2007-09-26 22:53 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 23:16 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\BitTorrent DNA
2007-10-25 03:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 22:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 23:17 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\uTorrent
2007-10-22 04:28 --------- d-----w C:\Program Files\Visioneer OneTouch
2007-09-19 06:59 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-09-18 04:13 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Ahead
2007-09-16 09:33 --------- d-----w C:\Program Files\Java
2007-09-16 09:33 --------- d-----w C:\Program Files\Common Files\Java
2007-09-15 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-09-14 06:37 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-14 06:36 --------- d-----w C:\Program Files\hp deskjet 3320 series
2007-09-14 06:10 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Bioshock
2007-09-13 14:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-13 13:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-13 13:51 --------- d-----w C:\Program Files\2K Games
2007-09-12 11:37 --------- d-----w C:\Program Files\Wireless LAN
2007-09-12 09:48 --------- d-----w C:\Program Files\AirLink101
2007-09-11 11:56 --------- d-----w C:\Program Files\WinTV
2007-09-08 10:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-08 10:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-08 10:28 --------- d-----w C:\Program Files\Ahead
2007-09-08 10:24 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-08 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-08 10:17 --------- d-----w C:\Program Files\DVD Decrypter
2007-09-08 09:50 --------- d-----w C:\Program Files\Unreal Tournament 2004
2007-09-08 07:39 --------- d-----w C:\Program Files\Lavasoft
2007-09-08 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-08 07:32 --------- d-----w C:\Program Files\uTorrent
2007-09-08 07:31 --------- d-----w C:\Program Files\BitTorrent
2007-09-08 06:17 --------- d-----w C:\Program Files\Stardock
2007-09-08 06:17 --------- d-----w C:\Program Files\Common Files\Stardock
2007-09-08 05:12 --------- d-----w C:\Program Files\InterActual
2007-09-08 05:08 --------- d-----w C:\Program Files\Xvid
2007-09-08 05:03 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\DivX
2007-09-08 04:57 --------- d-----w C:\Program Files\DivX
2007-09-08 04:55 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\vlc
2007-09-08 04:39 --------- d-----w C:\Program Files\VideoLAN
2007-09-07 12:40 --------- d-----w C:\Program Files\QuickTime
2007-09-07 12:40 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Apple Computer
2007-09-07 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-07 12:39 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-07 12:39 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-07 12:18 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-07 12:16 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-07 11:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-07 11:53 --------- d-----w C:\Program Files\Realtek
2007-09-07 11:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-07 11:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2001-09-10 16:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-10 15:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-08-18 01:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\usbscan.sys
2001-06-29 15:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

((((((((((((((((((((((((((((( [email protected]_19.59.19.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 03:07:09 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-25 03:07:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-25 03:07:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6B1F430-52B5-4478-9FC6-A94F79D423C3}]
2007-10-21 16:33 34304 --a------ C:\WINDOWS\system32\mljkllk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 06:03]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 06:03]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 20:12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 15:56]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 08:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-08 00:31]
"Teoe"="C:\WINDOWS\MCROSO~1\chkntfs.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\RUST3DHAL0\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-07 23:17:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-08 03:37:32]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2007-09-12 04:37:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F6B1F430-52B5-4478-9FC6-A94F79D423C3}"= C:\WINDOWS\system32\mljkllk.dll [2007-10-21 16:33 34304]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkllk]
mljkllk.dll 2007-10-21 16:33 34304 C:\WINDOWS\system32\mljkllk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 22:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 16:19:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 16:20:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-25 18:53
C:\ComboFix3.txt ... 2007-10-24 20:00
.
--- E O F ---



-------------------------------SUPERAntiSpyware Log-----------------------------------------------



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2007 at 04:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3330
Trace Rules Database Version: 1331

Scan type : Complete Scan
Total Scan Time : 00:15:15

Memory items scanned : 411
Memory threats detected : 1
Registry items scanned : 4546
Registry threats detected : 5
File items scanned : 22078
File threats detected : 3

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\DDAYX.DLL
C:\WINDOWS\SYSTEM32\DDAYX.DLL
HKLM\Software\Classes\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}
HKCR\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}
HKCR\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}\InprocServer32
HKCR\CLSID\{81AA21DA-1B41-4B50-9BB9-970CA507A489}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81AA21DA-1B41-4B50-9BB9-970CA507A489}

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\XYADD.BAK1
C:\WINDOWS\SYSTEM32\YBADD.INI



-------------------------------------Final HJT Log----------------------------------------------------



Logfile of HijackThis v1.99.1
Scan saved at 4:50:06 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\mljkllk.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Teoe] "C:\WINDOWS\MCROSO~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F68F2710-8E7A-4C42-965D-5F827583C974}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
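The reply below calls out "leftover vundo" in these logs. As an added example (not part of this thread or of HijackThis itself), the Python below parses HijackThis O-lines and applies the checks a triager would run over them: an orphaned load point marked "(file missing)", an unnamed BHO, a DLL registered both as a BHO (O2) and as a Winlogon Notify handler or ShellExecuteHook (O20/O21), a short-name directory directly under \WINDOWS, and a system32 binary name living somewhere else. The sample lines are copied from the logs in this thread (plus the O9 Java line, to show that a BHO that is also a Tools-menu item does not trip the dual-load-point rule); the rule names and the list of system32 binaries are my own assumptions.

```python
"""Triage HijackThis O2/O4/O9/O20 entries for the persistence pattern Vundo uses."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HJT logs in this thread so the rules
# below can be exercised offline.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\mljkllk.dll
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [Teoe] "C:\WINDOWS\MCROSO~1\chkntfs.exe" -vt yazb
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
"""

SECTION_RE = re.compile(r"^(O\d+)\s+-\s+")
# First Windows path in the line that ends in a binary extension (quotes excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys)\b', re.IGNORECASE)
# An 8.3 short directory name (e.g. MCROSO~1) sitting directly under \WINDOWS.
SHORT_DIR_UNDER_WINDOWS_RE = re.compile(r"\\windows\\[^\\]*~\d+\\", re.IGNORECASE)
# Assumed list: binaries that belong in %SystemRoot%\system32; a same-named file
# anywhere else is a lookalike worth checking.
SYSTEM32_BINARIES = {"chkntfs.exe", "svchost.exe", "rundll32.exe", "lsass.exe", "csrss.exe"}


@dataclass
class Entry:
    section: str          # "O2", "O4", "O20", ...
    path: Optional[str]   # file path as printed, or None when the line has none
    missing: bool         # HijackThis appended "(file missing)"
    raw: str


def parse_entries(text: str) -> List[Entry]:
    """Turn each O-line of an HJT log into an Entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(line)
        entries.append(Entry(m.group(1), p.group(0) if p else None,
                             "(file missing)" in line, line))
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Return {lower-cased path: sorted rule names} for every entry that trips a rule."""
    entries = [e for e in parse_entries(text) if e.path is not None]
    findings = defaultdict(set)
    sections_by_name = defaultdict(set)   # basename -> set of sections it is loaded from
    for e in entries:
        key = e.path.lower()
        parent, base = key.rsplit("\\", 1)
        sections_by_name[base].add(e.section)
        if e.missing:
            findings[key].add("file_missing")            # orphaned registry load point
        if e.section == "O2" and "(no name)" in e.raw:
            findings[key].add("unnamed_bho")
        if SHORT_DIR_UNDER_WINDOWS_RE.search(key):
            findings[key].add("short_name_dir_under_windows")
        if base in SYSTEM32_BINARIES and not parent.endswith(("\\system32", "\\system")):
            findings[key].add("system_binary_relocated")
    # Second pass: a BHO (O2) that is also a Winlogon Notify handler (O20) or a
    # ShellExecuteHook (O21) is the dual load point Vundo/Virtumonde relies on.
    for e in entries:
        secs = sections_by_name[e.path.lower().rsplit("\\", 1)[-1]]
        if "O2" in secs and secs & {"O20", "O21"}:
            findings[e.path.lower()].add("bho_plus_winlogon_hook")
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_HJT_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```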
 
Joined
Sep 8, 2005
Messages
9,113
You still have some leftover vundo.

Please download the attached file named CFScript.txt and Save it to your Desktop.



Referring to the picture above, drag CFScript.txt into ComboFix.exe


In your next reply, please post a fresh Combofix log and a fresh Hijackthis log.


Do not run on any other computer!!!! The attached file CFScript.txt is created for this specific computer. Running it on another system could cause it to crash or worse.


=====================================

Please perform a scan with Kaspersky Webscan Online Virus Scanner
1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
2. Read the Requirements and Privacy statement, then select "Accept".
3. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
5. When the download is complete it will say ready, click "Next".
6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
8. Click "OK".
9. Under "Select a target to scan", click on "My Computer".
10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for the Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'
 


rustedhalo

Thread Starter
Joined
Oct 24, 2007
Messages
7
ComboFix 07-10-25.1 - RUST3DHAL0 2007-10-26 18:24:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1549 [GMT -7:00]
Running from: C:\Documents and Settings\RUST3DHAL0\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RUST3DHAL0\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\mljkllk.dll
C:\WINDOWS\system32\qommnlm.dll
.

((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-24 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-24 20:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-24 20:06 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\SUPERAntiSpyware.com
2007-10-24 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 17:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-10-23 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-22 18:35 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-22 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-22 16:37 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\Application Data\PC Tools
2007-10-22 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-22 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-22 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-22 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-10-22 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-22 14:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-22 14:50 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-22 14:50 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-22 14:50 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-21 16:37 <DIR> d-------- C:\Program Files\LucasArts
2007-10-21 16:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\RUST3DHAL0\My Games
2007-10-08 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
2007-10-07 23:18 <DIR> d-------- C:\Program Files\id Software
2007-10-03 19:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 01:16 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\BitTorrent DNA
2007-10-25 03:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 22:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 23:17 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\uTorrent
2007-10-22 04:28 --------- d-----w C:\Program Files\Visioneer OneTouch
2007-09-27 05:53 --------- d-----w C:\Program Files\iTunes
2007-09-27 05:53 --------- d-----w C:\Program Files\iPod
2007-09-19 06:59 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-09-18 04:13 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Ahead
2007-09-16 09:33 --------- d-----w C:\Program Files\Java
2007-09-16 09:33 --------- d-----w C:\Program Files\Common Files\Java
2007-09-15 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-09-14 06:37 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-14 06:36 --------- d-----w C:\Program Files\hp deskjet 3320 series
2007-09-14 06:10 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Bioshock
2007-09-13 14:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-13 13:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-13 13:51 --------- d-----w C:\Program Files\2K Games
2007-09-12 11:37 --------- d-----w C:\Program Files\Wireless LAN
2007-09-12 09:48 --------- d-----w C:\Program Files\AirLink101
2007-09-11 11:56 --------- d-----w C:\Program Files\WinTV
2007-09-08 10:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-08 10:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-08 10:28 --------- d-----w C:\Program Files\Ahead
2007-09-08 10:24 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-08 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-08 10:17 --------- d-----w C:\Program Files\DVD Decrypter
2007-09-08 09:50 --------- d-----w C:\Program Files\Unreal Tournament 2004
2007-09-08 07:39 --------- d-----w C:\Program Files\Lavasoft
2007-09-08 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-08 07:32 --------- d-----w C:\Program Files\uTorrent
2007-09-08 07:31 --------- d-----w C:\Program Files\BitTorrent
2007-09-08 06:17 --------- d-----w C:\Program Files\Stardock
2007-09-08 06:17 --------- d-----w C:\Program Files\Common Files\Stardock
2007-09-08 05:12 --------- d-----w C:\Program Files\InterActual
2007-09-08 05:08 --------- d-----w C:\Program Files\Xvid
2007-09-08 05:03 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\DivX
2007-09-08 04:57 --------- d-----w C:\Program Files\DivX
2007-09-08 04:55 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\vlc
2007-09-08 04:39 --------- d-----w C:\Program Files\VideoLAN
2007-09-07 12:40 --------- d-----w C:\Program Files\QuickTime
2007-09-07 12:40 --------- d-----w C:\Documents and Settings\RUST3DHAL0\Application Data\Apple Computer
2007-09-07 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-07 12:39 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-07 12:39 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-07 12:18 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-07 12:16 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-07 11:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-07 11:53 --------- d-----w C:\Program Files\Realtek
2007-09-07 11:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-07 11:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2001-09-10 16:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-10 15:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-08-18 01:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\usbscan.sys
2001-06-29 15:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\All Users\Application Data\SecTaskMan ----

2007-10-23 18:45 316 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\mgrs.exe.q_2CF2E00_q.ini
2007-10-23 18:45 2394 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\_win1A.exe101E5200
2007-10-23 18:43 317 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\mljkllk.dll.q_8048600_q.ini
2007-10-23 18:42 319 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\kctvcuag.dll.q_8042E41_q.ini
2007-10-23 18:33 964 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE
2007-10-23 18:33 964 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9473DBE3E403C4A459570CE0F5102571
2007-10-23 18:33 919 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE
2007-10-23 18:33 907 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
2007-10-23 18:33 744 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A0100000030.dll
2007-10-23 18:33 74 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002.dll
2007-10-23 18:33 716 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A0100000030
2007-10-23 18:33 653 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_AA098A591B3B6B44C9818A7FBAE37ECF
2007-10-23 18:33 634 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C9DC9FF7C0E6264469074F42CD3BD2FA
2007-10-23 18:33 594 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9473DBE3E403C4A459570CE0F5102571.dll
2007-10-23 18:33 574 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_67440FEAAF152F14080FA09D0B624FA6
2007-10-23 18:33 571 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002
2007-10-23 18:33 545 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A
2007-10-23 18:33 539 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
2007-10-23 18:33 538 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_04D96FE49CD4E584593D1B2CF212F88C
2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0
2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2
2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9
2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4F6199385B8D7044EBD6D6E49B9DA64F
2007-10-23 18:33 522 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_42CBECC7BD2608248ACEFB4AF9619702
2007-10-23 18:33 41 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
2007-10-23 18:33 3895 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE.dll
2007-10-23 18:33 36 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_04D96FE49CD4E584593D1B2CF212F88C.dll
2007-10-23 18:33 3333 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_AA098A591B3B6B44C9818A7FBAE37ECF.dll
2007-10-23 18:33 26 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll
2007-10-23 18:33 2308 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C9DC9FF7C0E6264469074F42CD3BD2FA.dll
2007-10-23 18:33 227 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE.dll
2007-10-23 18:33 223 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4F6199385B8D7044EBD6D6E49B9DA64F.dll
2007-10-23 18:33 152 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2007-10-23 18:33 133 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_67440FEAAF152F14080FA09D0B624FA6.dll
2007-10-23 18:33 122 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_42CBECC7BD2608248ACEFB4AF9619702.dll
2007-10-23 18:33 1180 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A.dll
2007-10-23 18:16 11776 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\mgrs.exe.q_2CF2E00_q
2007-10-22 04:47 77376 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\kctvcuag.dll.q_8042E41_q
2004-08-03 16:56 708096 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2004-08-03 16:56 616960 --a------ C:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll

---- Directory of C:\Program Files\Adsense Helper Object ----

2007-10-22 18:35 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll


((((((((((((((((((((((((((((( [email protected]_19.59.19.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 03:07:09 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-25 03:07:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-25 03:07:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE54099-3510-4FC0-A365-91879C026584}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 06:03]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 06:03]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 20:12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 15:56]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 08:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-08 00:31]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\RUST3DHAL0\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-07 23:17:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-08 03:37:32]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2007-09-12 04:37:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
R3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 22:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 18:25:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 18:26:09
C:\ComboFix2.txt ... 2007-10-26 17:56
C:\ComboFix3.txt ... 2007-10-26 16:20
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 6:32:12 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F68F2710-8E7A-4C42-965D-5F827583C974}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 
Joined
Sep 8, 2005
Messages
9,113
Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...



How is everything running???
 
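An added example, not part of this thread and not code from HijackThis or ComboFix: a short Python script that parses the O2 (BHO) lines of a HijackThis log and the Browser Helper Objects entries in ComboFix's "Reg Loading Points" section, then flags entries the way a helper reads them by eye. The sample input is constructed from the logs posted above (the three O2 lines, one O4 line to show that non-BHO lines are skipped, and the one BHO registry entry ComboFix listed); the "no name" and "file missing" heuristics are this example's own, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input, copied from the HijackThis and ComboFix logs
# posted in this thread. Real use feeds in the whole log files.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE54099-3510-4FC0-A365-91879C026584} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
"""

COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE54099-3510-4FC0-A365-91879C026584}]
C:\WINDOWS\system32\ddayx.dll
"""

# One HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# One ComboFix BHO registry header; the DLL path is printed on the next line.
CF_BHO_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]$"
)


@dataclass
class BhoEntry:
    raw: str          # the original O2 line, as it would be ticked in HijackThis
    name: str
    clsid: str
    path: str
    file_missing: bool

    def reasons(self) -> List[str]:
        """Checks a forum helper applies by eye; heuristics assumed for this example."""
        found = []
        if self.name == "(no name)":
            found.append("registered without a display name")
        if self.file_missing:
            found.append("DLL no longer on disk (orphaned registration)")
        return found


def parse_hjt_bhos(log: str) -> List[BhoEntry]:
    """Extract every O2 line from a HijackThis log; other line types are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O2_LINE.match(line)
        if m:
            entries.append(BhoEntry(raw=line, name=m["name"], clsid=m["clsid"].upper(),
                                    path=m["path"], file_missing=m["missing"] is not None))
    return entries


def parse_combofix_bhos(log: str) -> Dict[str, str]:
    """Map CLSID -> DLL path from the BHO keys ComboFix lists under Reg Loading Points."""
    lines = [l.strip() for l in log.splitlines()]
    registered = {}
    for i, line in enumerate(lines):
        m = CF_BHO_KEY.match(line)
        if m and i + 1 < len(lines):
            registered[m["clsid"].upper()] = lines[i + 1]
    return registered


def suspicious_bhos(entries: List[BhoEntry]) -> List[Tuple[BhoEntry, List[str]]]:
    """Every BHO that trips at least one heuristic, with the reasons."""
    return [(e, e.reasons()) for e in entries if e.reasons()]


def fix_list(entries: List[BhoEntry], registered: Dict[str, str]) -> List[str]:
    """O2 lines worth ticking in HijackThis: suspicious BHOs whose CLSID ComboFix
    still sees in the registry (the file may be gone, the loading key is not)."""
    return [e.raw for e, _ in suspicious_bhos(entries) if e.clsid in registered]


if __name__ == "__main__":
    bhos = parse_hjt_bhos(HJT_SAMPLE)
    keys = parse_combofix_bhos(COMBOFIX_SAMPLE)
    for entry, why in suspicious_bhos(bhos):
        print(f"{entry.clsid} {entry.path}: {'; '.join(why)}")
    for line in fix_list(bhos, keys):
        print("tick in HijackThis:", line)
```

Run on the full logs it yields exactly the one O2 line the helper asked to be ticked. The cross-check against ComboFix's registry section is the point of the exercise: a "(file missing)" entry is not harmless clutter, because the registry key that told Internet Explorer to load the DLL is still there, and "Fix Checked" is what removes that key.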

rustedhalo

Thread Starter
Joined
Oct 24, 2007
Messages
7
Everything seems to be running A-OK. I let some apps run for a while to make sure they didn't crash. Internet browsing seems smooth with no pop-ups. I just finished watching a DVD as my media player was affected...everything seems good. I thank you for your quick response time and all your help.

Take Care,
Danny
 
Joined
Sep 8, 2005
Messages
9,113
Your log is clean!!!!! (y)


Let's remove the tools I had you download. Delete the following files and folders:
C:\QooBox

On your Desktop
ComboFix.exe


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.



Now that your system is clean, you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and to enable your computer to "roll back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. The most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. If you don't have a Firewall installed, please choose from the following:
  3. If you don't have an Anti-Virus installed, please download the following free program:
  4. Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  5. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown

    Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  6. Anti-Spyware Programs I Recommend:
  7. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
 