
Windows Reverting Back

Discussion in 'Virus & Other Malware Removal' started by Zainin, May 29, 2009.

  1. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    Hello,

    Sorry to bother, could someone please help out?

    My computer has gotten slow all of a sudden during the last 2 weeks.

    It takes several minutes when trying to open/rename/copy/move/delete folders/files, and even longer when emptying the recycle bin. Same goes with opening some programs, especially FireFox & Winamp.

    I also keep getting this message: "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." It crashes every time I try to play certain videos or copy or move files.

    For the last couple of years, I kept getting the message "Your system is low on virtual memory". My current memory is 256MB of RAM; I will buy another bar of RAM soon, but still it's not an excuse for the sudden slowness, especially when I don't have powerful programs that require the upgrade.

    I have scanned with SpySweeper and Panda, both detected malware, unfortunately no fixing was done since both require payment to do so.

    I scanned then with Ad-Aware, Spybot and AVG and fixed whatever they found.

    I do have a log of Panda and screencap of SpySweeper, so if HJT log fails to be useful, I will provide the other 2 logs if requested.

    I hope I provided enough information, and many thanks for taking the time to help out!





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:23:39 PM, on 5/29/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\iRotate\iRotate.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft messenger] imsnger.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Media Loader] wmloader.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Schedule] sched.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunServices: [svnlito32] svnlito32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svnlito32] svnlito32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')
    O4 - Startup: Power-Antivirus-2009.lnk = C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe
    O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe
    O4 - Global Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Socks-Cap (Sc32Inch) - Unknown owner - C:\WINDOWS\Sc32Inch.exe (file missing)
    O23 - Service: Windows Event Services (SERVICE32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 6362 bytes
     
  2. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    Hello,

    Could someone please help out? I'm not sure how to explain this problem, but for several months now I have been experiencing weird problems. Sometimes when I reboot, the computer's date/clock goes back to 2002, and just a few weeks ago the whole Windows system reverted back to its old style: I have to associate files, folders are protected and my D drive vanished; it's just like how I first bought it. The first time it happened I managed to get back my current settings when I rebooted it once, but yesterday I had to unplug cables and reboot it twice till I got my current settings. Both my computer and Internet seem to be slow as well. I already posted about that in here, but didn't get any replies; I thought maybe my HJT log was clean.

    This time I scanned with "Malwarebytes' Anti-Malware" and "SUPERAntiSpyware", then scanned with "HijackThis". I'm going to paste these 3 logs' results, so hopefully someone might be able to define the problem this time. Thanks a lot!

    -------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.38
    Database version: 2297
    Windows 5.1.2600 Service Pack 2

    6/26/2009 8:04:45 AM
    mbam-log-2009-06-26 (08-04-23).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 200256
    Time elapsed: 1 hour(s), 12 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20d57a66-f7df-467d-907b-9b7f4a118ab7} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20d57a66-f7df-467d-907b-9b7f4a118ab7} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SERVICE32 (Backdoor.Sdbot) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sc32Inch (Backdoor.Sdbot) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20d57a66-f7df-467d-907b-9b7f4a118ab7} (Trojan.Vundo) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\winsysban12.exe (Trojan.Agent) -> No action taken.

    -------------------------------------------------------------------------------

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/27/2009 at 08:07 AM

    Application Version : 4.26.1006

    Core Rules Database Version : 3959
    Trace Rules Database Version: 1901

    Scan type : Complete Scan
    Total Scan Time : 02:56:49

    Memory items scanned : 426
    Memory threats detected : 0
    Registry items scanned : 6927
    Registry threats detected : 6
    File items scanned : 125700
    File threats detected : 71

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    .mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .mediafire.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    stat.onestat.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .xiti.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    www7.addfreestats.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    usawarez.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    usawarez.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .paypal.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .indextools.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    server.iad.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    server.iad.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    server.iad.liveperson.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .indigio.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .quill.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    find.franklin.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .franklinelectronicpublishers.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .buycom.122.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    traffic.buyservices.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    www.clickxchange.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .ice.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .supermediastore.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]
    .stats.paypal.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\52vrqifp.default\cookies.txt ]

    Adware.Elite Media
    HKLM\Software\elite
    HKLM\Software\elite#check
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#{9AC54695-69A4-46F1-BE10-10C74F9520D5}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\elite.ocx [  ]
    C:\WINDOWS\elitemediagroup.ini

    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OAQC5ECM\TELLER2[1].HTM
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KDABW923\TELLER2[1].HTM

    Adware.Vundo/Variant-MSFake
    C:\WINDOWS\SYSTEM32\T5RDV.DLL
    C:\WINDOWS\SYSTEM32\ECESQ.DLL

    Adware.DollarRevenue
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OAQC5ECM\smartload_stats[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WD6RC1IV\smartload_stats[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_stats[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload[2].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_d[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WD6RC1IV\smartload_stats[2].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_stats[3].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload[3].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\smartload_stats[2].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\smartload_stats[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OAQC5ECM\smartload_stats[2].htm

    Trace.Known Threat Sources
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDABW923\a272a970[1].js
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GL6NK1Y7\checkin[2].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OAQC5ECM\init[1].js
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WD6RC1IV\prompt_ie_win[1].js

    -------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:15 AM, on 6/27/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\iRotate\iRotate.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft messenger] imsnger.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Media Loader] wmloader.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Schedule] sched.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunServices: [svnlito32] svnlito32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svnlito32] svnlito32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')
    O4 - Startup: Power-Antivirus-2009.lnk = C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe
    O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe
    O4 - Global Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 6950 bytes
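    The HijackThis logs above are normally triaged by eye: a helper looks for autoruns that name a bare executable, entries under the SYSTEM hive or the legacy RunServices key, services whose file is missing or that carry no vendor, a non-empty AppInit_DLLs value, and the DNS servers set on the interface. As an added example (not code from this thread, from Tech Support Guy or from Trend Micro's HijackThis), the Python below parses the O4, O17, O20 and O23 line formats and applies those same heuristics. The sample log is a constructed subset of lines copied from the posted logs; the heuristics, the `Finding` record and the function names are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O23 - Service: Windows Event Services (SERVICE32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Line formats as HijackThis 2.0.2 prints them (regexes are my own reconstruction).
O4_RE = re.compile(
    r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section id (O4, O17, O20, O23)
    reason: str    # why the line deserves a reviewer's attention
    line: str      # the log line as written


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd


def triage(log_text: str) -> list:
    """Apply reviewer heuristics to each log line and return the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if "\\" not in exe:
                findings.append(Finding("O4", "autorun names a bare executable with no directory, "
                                        "so Windows resolves it via the search path", line))
            if "RunServices" in m["loc"]:
                findings.append(Finding("O4", "RunServices is a Windows 9x/ME-era autorun key; "
                                        "legitimate XP software has no reason to register there", line))
            if m["user"] == "SYSTEM":
                findings.append(Finding("O4", "autorun registered in the SYSTEM account's hive "
                                        "(S-1-5-18), where user software does not install", line))
        elif m := O23_RE.match(line):
            svc = m["svc"] or m["display"]
            if m["missing"]:
                findings.append(Finding("O23", f"service {svc} points to a file that no longer exists", line))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("O23", f"service {svc} binary carries no vendor information", line))
        elif m := O17_RE.match(line):
            servers = re.split(r"[,\s]+", m["servers"].strip())
            findings.append(Finding("O17", "DNS servers configured on the interface, to be checked "
                                    "against the ISP's: " + ", ".join(servers), line))
        elif m := O20_RE.match(line):
            findings.append(Finding("O20", "AppInit_DLLs is non-empty; the listed DLLs are loaded "
                                    "into every process that loads user32.dll", line))
    return findings


def counts_by_section(findings) -> dict:
    """Number of flagged lines per HijackThis section, for a quick summary."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(counts_by_section(results))
```

    The output is a candidate list, not a verdict: the same "file missing" rule that flags the SERVICE32 entry also flags the Machine Debug Manager leftover, and whether the O17 name servers belong to the user's ISP can only be settled by checking them against the provider.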
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.


    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator".)
     
  4. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    Hello cybertech,

    Thank you for taking the time to help out!




    Malwarebytes' Anti-Malware 1.38
    Database version: 2370
    Windows 5.1.2600 Service Pack 2

    7/4/2009 8:02:45 AM
    mbam-log-2009-07-04 (08-02-45).txt

    Scan type: Quick Scan
    Objects scanned: 91832
    Time elapsed: 12 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\bb.exe (Trojan.Agent) -> Quarantined and deleted successfully.






    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Sunday, July 5, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Saturday, July 04, 2009 10:36:29
    Records in database: 2425951
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 128675
    Threat name: 7
    Infected objects: 67
    Suspicious objects: 0
    Duration of the scan: 10:05:41


    File name / Threat name / Threats count
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\i.bac_a03140 Infected: Trojan-Downloader.BAT.Ftp.ab 1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\o.bac_a03140 Infected: Trojan-Downloader.BAT.Ftp.ab 1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\YazzleBundle-1125.exe.bac_a03140 Infected: Trojan.Win32.Scapur.k 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP1.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP2.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP3.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP4.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP5.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP6.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP7.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP8.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP9.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP10.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP11.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP12.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP13.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP14.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP15.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP16.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP17.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP18.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP19.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP20.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP21.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP22.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP23.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP24.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP25.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP26.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP27.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP28.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP29.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP30.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP31.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP32.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP33.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP34.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP35.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP36.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP37.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP38.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP39.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP40.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP41.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP42.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP43.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP44.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP45.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP46.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP47.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP48.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP49.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP50.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP51.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP52.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP53.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP54.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP55.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP56.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP57.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP58.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP59.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h 1
    C:\Sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
    C:\Sysreset\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
    D:\Softwares & Misc\Sotwares\flvtomp4converter_setup.exe Infected: Trojan-Downloader.Win32.Delf.uhr 1
    D:\Softwares & Misc\[[CHECK]]\Share10_ex2.zip Infected: not-a-virus:Client-P2P.Win32.Share.a 1

    The selected area was scanned.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I would delete these two items:
    D:\Softwares & Misc\Sotwares\flvtomp4converter_setup.exe Infected: Trojan-Downloader.Win32.Delf.uhr 1
    D:\Softwares & Misc\[[CHECK]]\Share10_ex2.zip Infected: not-a-virus:Client-P2P.Win32.Share.a 1



    Empty the Norton AntiVirus Quarantine, no need to keep those hanging around.



    Please post your hijackthis log again and let me know if you are still having problems.
     
  6. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    Thanks for the help!

    -I deleted the 2 items.
    -I wasn't sure how to empty the quarantine since I don't have NAV installed anymore, so I deleted the folder. I hope that was OK?




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:30:10 PM, on 7/5/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\iRotate\iRotate.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
    O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft messenger] imsnger.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Media Loader] wmloader.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Task Manager] tasks.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Schedule] sched.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunServices: [svnlito32] svnlito32.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svnlito32] svnlito32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')
    O4 - Startup: Power-Antivirus-2009.lnk = C:\Program Files\Power-Antivirus-2009\Power-Antivirus-2009.exe
    O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe
    O4 - Global Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3944273C-F6BA-48AC-843D-7A05E7C6B71D}: NameServer = 195.226.228.72 195.226.228.74
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 7058 bytes
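The log above is the kind a helper reads by eye; the script below is an added example (not part of the thread and not a HijackThis feature) that applies the same reading to O4 and O20 lines copied from that log: Run-key entries whose command is a bare file name, autoruns planted under the SYSTEM or Default user hive, Microsoft-themed names attached to such entries, and an AppInit_DLLs value whose paths were split on spaces and repeated. The lookalike-name regex and the decision to skip other O-sections are my own assumptions.

```python
"""Triage heuristics for HijackThis O4 / O20 lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# O4 registry autoruns: hive, key (Run / RunServices / RunOnce), display name,
# command, and the optional "(User '...')" suffix HijackThis appends for HKUS hives.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Microsoft-themed display names, including one-letter misspellings such as
# "Miscrosoft" (assumed lookalike heuristic, not something HijackThis does).
LOOKALIKE_RE = re.compile(r"mi\w*crosoft|windows", re.I)


@dataclass
class Finding:
    name: str
    line: str
    reasons: list


def executable_of(cmd: str) -> str:
    """Return the program token of a Run-key command (quoted path or first word)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_o4(line: str):
    """Flag an O4 registry line; returns None when nothing looks off."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = executable_of(m["cmd"])
    bare = "\\" not in exe  # no directory given: resolved through the PATH search at logon
    reasons = []
    if bare:
        reasons.append("bare file name, no explicit directory")
    if m["hive"].startswith("HKUS\\"):
        reasons.append(f"autorun in {m['hive']} (SYSTEM / Default user), unusual for installed software")
    if bare and LOOKALIKE_RE.search(m["name"]):
        reasons.append("Microsoft/Windows-themed name attached to a bare executable")
    return Finding(m["name"], line, reasons) if reasons else None


def appinit_stats(line: str) -> dict:
    """Break an O20 AppInit_DLLs value into its comma-separated entries."""
    value = line.partition("AppInit_DLLs:")[2].strip()
    entries = [e for e in value.split(",") if e]
    malformed = [e for e in entries if not re.match(r"^[A-Za-z]:\\", e)]  # not a full path
    dlls = re.findall(r"[^,\\]+\.dll", value, re.I)
    return {
        "entries": len(entries),
        "malformed": len(malformed),
        "dll_refs": len(dlls),
        "distinct_dlls": len({d.lower() for d in dlls}),
    }


def triage_appinit(line: str):
    s = appinit_stats(line)
    reasons = []
    if s["malformed"]:
        reasons.append(f"{s['malformed']} of {s['entries']} entries are not full paths (value split on spaces)")
    if s["dll_refs"] > s["distinct_dlls"]:
        reasons.append(f"same DLL listed {s['dll_refs']} times; something keeps re-writing the value")
    return Finding("AppInit_DLLs", line, reasons) if reasons else None


def triage_log(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O4 - "):
            f = triage_o4(line)
        elif line.startswith("O20 - AppInit_DLLs:"):
            f = triage_appinit(line)
        else:
            f = None  # O2/O9/O23 and the rest need their own checks; out of scope here
        if f:
            findings.append(f)
    return findings


# Lines copied from the HijackThis log posted above (benign and suspicious mixed).
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon',
    r"O4 - HKLM\..\RunServices: [Win Services] Srv32.exe",
    r"O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [svnlito32] svnlito32.exe (User 'SYSTEM')",
    r"O4 - HKUS\S-1-5-18\..\Run: [Miscrosoft Windows Explorer] IEEXPLORER.exe (User 'SYSTEM')",
    r"O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000141.exe (User 'SYSTEM')",
    r"O4 - HKUS\.DEFAULT\..\RunServices: [svnlito32] svnlito32.exe (User 'Default user')",
    r"O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,"
    r"C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,"
    r"C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,"
    r"C:\Program Files\PremierOpinion\pmai.dll",
    r"O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.name}] " + "; ".join(f.reasons))
```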
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download this from Microsoft and run it on your computer
    Filename: WGADiag2.exe
    http://go.microsoft.com/fwlink/?linkid=52012

    Press "Copy to clipboard" and then you can paste to Wordpad and post to this thread
     
  8. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    Diagnostic Report (1.9.0006.1):
    -----------------------------------------
    WGA Data-->
    Validation Status: Blocked VLK
    Validation Code: 3
    Online Validation Code: N/A
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-4RHJG-83M4Y-7X9GW
    Windows Product Key Hash: 5CG2aCaHENU8LMWFFoQ/184emQ0=
    Windows Product ID: 55274-649-6478953-23289
    Windows Product ID Type: 1
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {8C67087F-D47A-41DC-904A-7367388B3F3A}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.40.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    WGA Notifications Data-->
    Cached Result: 3
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    Microsoft Office FrontPage 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8C67087F-D47A-41DC-904A-7367388B3F3A}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7X9GW</PKey><PID>55274-649-6478953-23289</PID><PIDType>1</PIDType><SID>S-1-5-21-515967899-630328440-839522115</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>D845PESV</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>SV84510A.86A.0006.P02.0208220046</Version><SMBIOSVersion major="2" minor="3"/><Date>20020822000000.000000+000</Date></BIOS><HWID>FBF13A4701842042</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Arab Standard Time(GMT+03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57715</Pid><PidType>14</PidType></Product><Product GUID="{90170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>5EA9C3672EB0500</Val><Hash>GZD+9sfb5ecL3RxyV4F75a86u2M=</Hash><Pid>72079-640-0000106-55175</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="17" Version="11" Result="100"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 4C51:Compaq Computer Corporation|1A4F1:GENUINE C&C INC|4C51:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    This installation of Windows is being blocked, which usually means it is not a legal install.
    It is using a volume licence key.
    Where did it come from?

    Go to Start
    All Programs
    Accessories
    System Tools
    Activate Windows

    If available, follow the prompts to Activate Windows. If the installation was done from someone else's CD, I would suggest you backup all your documents and personal items, and restore the computer back to factory settings. It isn't wise to keep non-genuine installations.
     
  10. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    I don't see Activate Windows.

    I knew you were gonna ask this; I actually added a note in my previous post, but decided to delete it and see what you were gonna say first.

    I have always had a legal copy of XP, until one day when my computer got infected with a virus. At that time I didn't know of the TSG forum and NAV was almost useless in solving the problems, so the repair guy formatted my PC and obviously replaced it with a pirated copy. I didn't realize so until months later, when I tried to download something from the Microsoft site and the validation didn't work.

    Now, I would like to get a legal copy, but the idea of moving my files just discourages me, especially the software that I installed.

    I might be able to move my files (videos & zips) to my external HD, but can I install a legal copy without losing the settings/software I installed already, like video codecs, iTunes, AVG, etc.? Not to mention having my PC recognize USB devices, e.g. scanner, memory sticks, ebook reader, etc.

    If it's not too much trouble, could you please shed some light on this matter? Much appreciated!

    Thank you so much for taking the time to solve this problem.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    It's unfortunate that you got caught in this situation, as happens to so many people who are not aware their systems are not genuine after being repaired.


    Here is a forum where they can try and assist you: http://social.microsoft.com/forums/en-US/genuinewindowsxp/threads/



    Also, for what it's worth, you would be better off doing a format and reload on this machine, which will not save your downloaded programs or data, but you will have a clean OS to start fresh with.
     
  12. Zainin

    Zainin Thread Starter

    Joined:
    Jun 16, 2007
    Messages:
    22
    Thank you cybertech, you have been such a great help!

    I will be checking out the Microsoft forum shortly.

    Thank you so much! ^_^
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You're welcome. Good luck.
     
Short URL to this thread: https://techguy.org/838612