Will Someone Please Help Me, posted 2 days ago.

Status: This thread has been locked and is not open to further replies.

AlexandriaZ

Thread Starter
Joined
Oct 4, 2006
Messages
77
I have severe computer problems. I logged on yesterday and, while I was waiting for a page to change, the screen went blue and said Technical Information: "STOP: 0x0000007A", followed by three more strings of numbers, then "NTFS.Sys Address: F9A45000, DateStamp 45cc56a7". I read the instructions it listed, turned off my PC, then started it up again. It was fine, except I kept getting a pop-up in my task bar saying "Security warning, viruses have been detected. Download antivirus program to remove", something like that. I ran scans and found a few things, quarantined them and turned off my PC.

This morning, after turning it on, it turned blue again, saying the same thing but this time with a different string of numbers. It said something about a software or hardware installation maybe causing problems. The only new thing I've installed is my new printer; it did have a yellow ! next to it in some file, and said it had an error and I should uninstall it, so I did. I did this in safe mode. When I rebooted this time, my PC totally freaked out!

My desktop came on as it normally does and all programs loaded up, then all of a sudden my screen went white, then my desktop went red and turned into something else, like a whole new desktop, but it wasn't mine. It had a BioHazard symbol in the middle of the page/desktop and said "Your privacy is in danger". I thought it had hijacked my desktop, but then I noticed the little hand instead of a pointer and knew it wanted me to click somewhere on the desktop so it could download itself. I found the hidden bar at the top of the screen and exited it, but this box kept popping up saying "SUPERAntiSpyware has detected your home page has changed, blah blah blah". I had a choice to allow the change from the MSN home page to "spyreferral-something" or block it. I kept clicking the block button, but it kept popping up every few seconds. Then I kept getting Internet Explorer pages trying to open on their own, then SpyShredder kept coming on saying I have Win32.Dialer.cj, Net-Worm Win32.MyTob.u, VBS\Kakworm and Win32\Def.AKI Trojan viruses.

I went back into safe mode and ran every spyware scanner I had, every adware scanner I had, and the antivirus. Spybot Search and Destroy found two more Trojans, but I didn't write their names down. I used SUPERAntiSpyware and quarantined what I had found, but this last time when I logged back onto my PC, my normal Windows XP loading screen came on, but then the screen went red again, then went to my normal desktop picture and then went white. I have no wallpaper or screensaver there anymore; I'm afraid I may have removed something I shouldn't have. The box saying my home page had been changed came on once, but I exited it and it hasn't come back on yet. I'm able to log onto the internet, with no pages coming up and no more SpyShredder, but now I get "Windows Explorer Alert!
|||:C:\Windows\Privacy_danger|index\hmtl" cannot be found", then I get one more box that says "|url|Dispatcher.dll is not a valid Windows image". I got that when I went to check my AOL Safety and Security Center and tried to turn on my parental controls and my firewall, because they've been turned off, and I get that message each time.

Did I accidentally delete some important files? I know my older boys have been going to improper websites, adult sites, and I believe this is what caused my troubles in the very beginning. How can I turn my parental controls back on? Can anyone help me! My computer crashed once before and I lost everything, so this blue screen scares me. If anyone can provide any assistance with this problem I would be grateful.
Thanks in advance.
 

AlexandriaZ
Here's my very first SUPERAntiSpyware scan log, from before any other scans:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2007 at 05:34 PM

Application Version : 3.8.1002

Core Rules Database Version : 3242
Trace Rules Database Version: 1253

Scan type : Quick Scan
Total Scan Time : 00:35:25

Memory items scanned : 673
Memory threats detected : 5
Registry items scanned : 805
Registry threats detected : 47
File items scanned : 15347
File threats detected : 132

Adware.MyWebSearch
C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-602162358-1958367476-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-602162358-1958367476-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable
C:\WINDOWS\Prefetch\MWSOEMON.EXE-22AAA5A1.pf

Trojan.Media-Codec/V3
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
[user32.dll] C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
[rare] C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}
HKCR\CLSID\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}
HKCR\CLSID\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}#xxx
HKCR\CLSID\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}\InprocServer32
HKCR\CLSID\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\Implemented Categories
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\InprocServer32
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
HKU\S-1-5-21-602162358-1958367476-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
C:\Program Files\Video ActiveX Access\iesbunst.exe
C:\Program Files\Video ActiveX Access\iesunst.exe
C:\Program Files\Video ActiveX Access\imsunst.exe
C:\Program Files\Video ActiveX Access\ot.ico
C:\Program Files\Video ActiveX Access\ts.ico
C:\Program Files\Video ActiveX Access
C:\WINDOWS\Prefetch\IESMIN.EXE-036E4524.pf
C:\WINDOWS\Prefetch\IESMN.EXE-033DF62E.pf
C:\WINDOWS\Prefetch\IMSMAIN.EXE-0F631905.pf
C:\WINDOWS\Prefetch\IMSMN.EXE-217C3E2D.pf

Adware.Tracking Cookie
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][5].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][3].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][6].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][8].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\kristine [email protected]
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][5].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][3].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][7].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][6].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][3].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][4].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][10].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\kristine [email protected]
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][9].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][4].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][11].txt
C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString
 

AlexandriaZ
Please forgive me, as I did post on this on 8-19. No one answered me back, so I was browsing some other "blue screen" problems and discovered you're not supposed to reply to yourself, since you guys look for posts with '0' replies. I'm desperate, as I'm afraid my hard drive may be on the way out. I'll make this brief. I believe my computer became infected with the Win32.LookSky virus, because SUPERAntiSpyware kept popping up a box saying my home page had been changed and asking did I want to allow it or block it; then my desktop turned red with a Biohazard symbol in the middle saying something like "Privacy Is In Danger, please download...". I ran several scans and managed to get rid of that: no pop-up boxes, no more red desktop, my desktop is back to normal, but now I keep getting blue screens coming up. I've had three now, usually after my PC has been idle for a while. Here's what the very first Stop message said:
KERNEL_DATA_INPAGE_ERROR,
STOP: 0x0000007A, 0xc0389AC8, 0xC000000E, 0xE26B2B24, 0x098F0880
AND NOW IT SAYS:

KERNEL_STACK_INPAGE_ERROR
STOP: 0x00000077, 0xc000000E, xc.00000E, x00000000, 0x0077A000
Beginning dump of physical memory
I've read that this stop message may be the beginning of the end of my hard drive? Or a virus? I'm afraid to continue to use my PC; I don't want to cause further damage. Does anyone know what I can do to find out what's going on?
Again, sorry for the duplicate post; I didn't know what else to do.
 

AlexandriaZ
Not sure if I'm doing something wrong, but I first posted back on August 19th and haven't been replied to. I've donated to your site, and you've always helped before. I know we're not supposed to repost the same thing, but I 'bumped' my original post and my 2nd post and no one's gotten back to me. I keep getting a blue screen. I did have the Trojan W32.LookSky, ran SUPERAntiSpyware, and think it's gone, but I still keep getting a blue screen; please see my other post for more details. If I've done something wrong I apologize, as I did not mean to. Will someone please tell me what this means:
KERNEL_STACK_INPAGE_ERROR
STOP: 0X00000077, 0XC000000E, 0XC000000E, 0X00000000, OX1D70D00

This site has been a great help in the past, and I hope it will be again, because I don't know much about computers, so I do appreciate any and all help. Sorry for posting twice, but no one ever replied back, even after two posts, two bumps and one email message.
Thanks,
AlexandriaZ
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,479
I received your e-mail and yes, you're doing many things wrong. On the previous two occasions we've assisted you, you never followed through until the end and that's likely why you're still having problems and also why no one wants to help you now.

Secondly, your first two posts have such a large block of text with no paragraph breaks that I take one look at that and my brain turns to mush.

Thirdly, you started multiple threads and I've merged them all together here.


I hope that you intend to follow through until the end this time.

Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

AlexandriaZ
Thank you, Cookiegal, for replying to me. I do apologize for the ones I didn't follow through on; I was battling a serious health problem that came and went for many months, and it was hard for me to get back on the PC, so I do apologize for it. I am known to get a little lengthy when I write; it's just that I had so many things going on I didn't know where to start. I will keep it shorter in the future, starting right now.

I'm off to run the HJT scan; I'll be back shortly.
Thanks again, you all do an AWESOME job here. :)
 

AlexandriaZ
Here's my HJT scan log. I have a scan from the 19th, from before I ran any spyware or antivirus scans, if that would be of any help. Also, I ran a Panda scan; it didn't do anything but save the log. I ran it this morning and it showed 10 rootkits. What are those?

Logfile of HijackThis v1.99.1
Scan saved at 12:40:07 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1136001651\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1136001651\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\AOL\1136001651\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136001651\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1136001651\ee\aolsoftware.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136001651\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1136001651\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1136001651\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://alexandriaz.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://alexandriaz.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96ED5651-B988-4FBB-B3EB-961C1A7F5B71}: NameServer = 172.30.1.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uhi.amerco
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uhi.amerco
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1136001651\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,479
I would like to see your HijackThis log from the 19th, as you said, before you did the scans, and the Panda scan results as well, please.

In the meantime though, you can do this:

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

AlexandriaZ

Thread Starter
Joined
Oct 4, 2006
Messages
77
Ok here is the Smitfraudfix scan. I will post the 8-19th HJT scan and the Panda scan done this morning.

SmitFraudFix v2.216

Scan done at 21:46:07.50, Thu 08/23/2007
Run from C:\Documents and Settings\Kristine Major\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1136001651\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1136001651\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\AOL\1136001651\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136001651\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1136001651\ee\aolsoftware.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristine Major


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kristine Major\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KRISTI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoAccessCodec\ FOUND !
C:\Program Files\VirusProtectPro 3.6\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 172.30.1.60

Description: Actiontec Gateway #2 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 205.171.3.65

HKLM\SYSTEM\CCS\Services\Tcpip\..\{96ED5651-B988-4FBB-B3EB-961C1A7F5B71}: NameServer=172.30.1.60
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9A0C420-229B-4C56-92DA-4E31EB1B452B}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{96ED5651-B988-4FBB-B3EB-961C1A7F5B71}: NameServer=172.30.1.60
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9A0C420-229B-4C56-92DA-4E31EB1B452B}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{96ED5651-B988-4FBB-B3EB-961C1A7F5B71}: NameServer=172.30.1.60
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E9A0C420-229B-4C56-92DA-4E31EB1B452B}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
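The O17 entries in the HijackThis log above and the DNS section of this SmitfraudFix report both record a static NameServer (172.30.1.60) for one adapter, while the other adapter's resolvers (192.168.0.1 and 205.171.3.65) came from DHCP. The Python script below is an added example, not part of this thread and not code from HijackThis or SmitfraudFix: it parses both line formats and lists any static NameServer address that no adapter received from DHCP, together with whether that address sits in private address space. A listed address is a review item only, not a verdict; a corporate network or VPN can legitimately set a static resolver. The function names and the sample strings are constructed for this example (the values and adapter GUIDs in them are copied from the logs posted above).

```python
import ipaddress
import re
from typing import Dict, List, Set

# Matches the Tcpip registry lines that HijackThis prints as O17 entries
# ("O17 - HKLM\System\CCS\...: NameServer = x") and that SmitfraudFix prints
# in its DNS section ("HKLM\SYSTEM\CCS\...: DhcpNameServer=x y"). Either a
# per-adapter GUID key or the global Parameters key can carry the value.
LINE_RE = re.compile(
    r"^(?:O17 - )?HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<guid>[0-9A-Fa-f-]+)\}|Parameters):\s*"
    r"(?P<key>NameServer|DhcpNameServer|SearchList)\s*=\s*(?P<value>.*?)\s*$",
    re.IGNORECASE,
)

# Constructed sample input: one block in HijackThis O17 form, one in
# SmitfraudFix DNS form, with the values and adapter GUIDs from the posted logs.
SAMPLE_HJT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{96ED5651-B988-4FBB-B3EB-961C1A7F5B71}: NameServer = 172.30.1.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uhi.amerco
"""

SAMPLE_SMITFRAUD_DNS = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{96ED5651-B988-4FBB-B3EB-961C1A7F5B71}: NameServer=172.30.1.60
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9A0C420-229B-4C56-92DA-4E31EB1B452B}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
"""


def parse_dns_entries(text: str) -> List[Dict[str, object]]:
    """Extract every Tcpip NameServer/DhcpNameServer/SearchList line from a log.

    Lines that do not match (process lists, section banners, O4/O23 entries)
    are skipped, so a whole HijackThis or SmitfraudFix report can be passed in.
    """
    entries: List[Dict[str, object]] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # NameServer lists are space- or comma-separated in the registry.
        values = [v for v in re.split(r"[\s,]+", m.group("value")) if v]
        entries.append({
            "controlset": m.group("cs").upper(),
            "scope": m.group("guid").upper() if m.group("guid") else "Parameters",
            "key": m.group("key").lower(),
            "values": values,
        })
    return entries


def dhcp_servers(entries: List[Dict[str, object]], controlset: str = "CCS") -> Set[str]:
    """Union of all DhcpNameServer addresses in one control set (CCS is the live one)."""
    servers: Set[str] = set()
    for e in entries:
        if e["controlset"] == controlset and e["key"] == "dhcpnameserver":
            servers.update(e["values"])
    return servers


def flag_static_nameservers(entries, controlset="CCS"):
    """One review item per static NameServer address that DHCP did not hand out.

    Each item records whether the address is in private (RFC 1918 and similar)
    space; a resolver outside the local network is the case that most often
    turns out to be a DNS hijack, but every item here needs a human to confirm.
    """
    known = dhcp_servers(entries, controlset)
    seen = set()
    findings = []
    for e in entries:
        if e["controlset"] != controlset or e["key"] != "nameserver":
            continue
        for addr in e["values"]:
            if addr in known or (e["scope"], addr) in seen:
                continue
            seen.add((e["scope"], addr))
            try:
                private = ipaddress.ip_address(addr).is_private
            except ValueError:
                private = False  # not an IP literal at all; still worth a look
            findings.append({"scope": e["scope"], "address": addr, "private": private})
    return findings


if __name__ == "__main__":
    found = parse_dns_entries(SAMPLE_HJT + SAMPLE_SMITFRAUD_DNS)
    print("DHCP-provided resolvers:", sorted(dhcp_servers(found)))
    for item in flag_static_nameservers(found):
        where = "private" if item["private"] else "public"
        print(f"review: adapter {item['scope']} uses static resolver "
              f"{item['address']} ({where} address, not from DHCP)")
```

Run against the two logs above it reports the single static resolver on adapter {96ED5651-...} as a private address absent from the DHCP list; the same check on a log where every NameServer value also appears as a DhcpNameServer reports nothing. The script reads only the CCS (CurrentControlSet) lines by default, since CS1 and CS3 are the saved control sets and normally mirror it.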
 

AlexandriaZ

Thread Starter
Joined
Oct 4, 2006
Messages
77
Cookiegal, here is my Panda scan.


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
Adware:Adware/Comet Not disinfected C:\!KillBox\Screensavers\Installer\bin\siuninst.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Kristine Major\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kristine Major\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kristine Major\My Documents\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Kristine Major\My Documents\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kristine Major\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Kristine Major\My Documents\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Adware:Adware/VideoPlugin Not disinfected C:\SDFix\backups\backups.zip[backups/wmpconf.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
 

AlexandriaZ

Thread Starter
Joined
Oct 4, 2006
Messages
77
I can't find my first HijackThis scan done on the 19th; I looked everywhere for it but can't find it. I did another scan when I was browsing on techguy: I found someone else who had the Trojanw32.LookSky and ran the scan advised to that person. I didn't make any changes, just ran scans, waiting to post them for someone to analyze. Hope it helps; sorry about the first HJT scan. If I do find it I'll post that too. This is something called SDFix.


SDFix: Version 1.99

Run by Kristine Major on Wed 08/22/2007 at 01:15 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\wmpconf.dll - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Common Files\\AOL\\1136001651\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1136001651\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip
Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll
C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe

Finished


I wanted to let you know that I did remove my son's Nascar 2003 Demo game from my computer; he downloaded that about a week before my PC started having trouble. Also, about a month or so ago I installed a new Hewlett-Packard all-in-one printer; I uninstalled that too because I wasn't sure if either was the cause of my blue screen. I haven't had a blue screen since yesterday afternoon. I'll wait for further instructions; I have to return to work tomorrow so it will be afternoon before I can return. Thanks :)
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,479
Please don't run anything else that I haven't asked for.


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

If the tool detects that you have a DNS hijack, it will prompt you to reconfigure the network in DHCP.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt
 

AlexandriaZ

Thread Starter
Joined
Oct 4, 2006
Messages
77
OK, no more scans running unless requested to do so. :)

Will do as you've asked. I will copy/paste the contents of the report with the new HJT log.
Thanks!
 