Search Engine Being Rerouted
Hitmen
10-03-2008, 02:29 PM
Hi, I am having an issue: no matter what I search for in Google, when I click on the links it doesn't take me to the right pages. I have noticed that at the bottom of the web page it will say auut.com, but it never routes me to that page; instead it routes me to pages like:
ht tp://www entrepreneur com/cb.htm?msc=1
h ttp://onlineprivatescan com/2009/1/_freescan.php?id=77037903
ht tp://www allthebrands com/search.aspx?q=removing+spyware&sm=1&sm=1&UX_sk=1
h ttp://www cyber-defender com/EDC/landing/10/?affl=webmetro_looksmartp2d&campaign_code=344201&int_page=1&wm_lpID=4398519&wm_ctID=13&wm_kwID=4042524&wm_mtID=26&wm_defaultURL=http://www.cyber-defender.com/EDC/landing/10/%3faffl%3dwebmetro_looksmartp2d%26campaign_code%3d 344201%26int_page%3d1
ht tp://stolnik net/888/_ts/?s=ndot&sid=keygenUS&q=hijackthis+download &ID=13866&fb=aSlAXz5iW2g%2BbWcxRGJDaDBQUztpUGR6RG1bej5tJTFyY CUxJW1AWVEkYVk%2BYCUxPklAWSUpflolbX5gPklnWT5gJTElK UQxRGp4O1JqQ19STi1oMEM%2FLzBWRCM4aEA2PllEWiVtOHElX 0QjOGhAWj5ZU2U4JzIvRG1baD5tYTFEbWdgJUlEWT5gNmg%2Bb SUxRGo2O0dKRCM4aEBoJW1AWWloUm1pQmlxMClDOzAkaWhHJGF aMG04RiVqJSBpQmFxR2gwaiVCU3o%2BSWdZPmBafQ%3D%3D
***
Those are just a few of the pages I have been rerouted to. I have done some other searching trying to find a way to get rid of this spyware. In my searches I have been told to run these programs:
Advanced WindowsCare v2 Personal
Ad-Aware SE Personal
CCleaner
Spybot - Search & Destroy
I have run all these programs, along with a complete uninstall of Firefox, and I have yet to be able to get rid of this problem. I was wondering if you could help me.
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:21 AM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\NavNT\defwatch.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alias\Maya6.5\docs\wrapper.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\NavNT\rtvscan.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\QuickTime\QTTask.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\D-Tools\daemon.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\MSI\Live Update 3\LMonitor.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\NavNT\vptray.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
F:\WINDOWS\system32\MsgSys.EXE
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Tapwave\HOTSYNC.EXE
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\program files\valve\steam\steam.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Starware Jokes Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SW24] F:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SW20] F:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "F:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "F:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] F:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Tapwave\HOTSYNC.EXE
O4 - Global Startup: BlueSoleil.lnk = F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: hp psc 2000 Series.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
Hitmen
10-03-2008, 02:30 PM
HijackThis log, continued
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130723267578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130727446031
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - F:\Program Files\Alias\Maya6.5\docs\wrapper.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Install Bootstrap Service (REMSTART) - Unknown owner - c:\Temp\temp\RemStart.exe (file missing)
--
End of file - 11935 bytes
I neutered the links to the sites you are being redirected to...often such sites are malicious in nature and try to infect others with whatever it is that you've got.
You need access to a known clean machine in order to do a trustworthy clean-up. You will also need a USB drive, or burn the tools onto a CD...
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Download this file -combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Put both of them on the USB drive or a CD.
Don't run them, yet.
Also, it would be a good idea to grab a clean copy of HJT while you are at it...http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Then rename the HijackThis executable to something like upthis.exe and post a log from the known clean HJT.
classicsoftware
10-03-2008, 08:44 PM
Please go into MSCONFIG and enable everything. You are infected and we need to make sure nothing is hiding. Then run Combofix and MBAM. After running the scans, post the following:
1) The MBAM log
2) The Combofix log
3) A new Hijackthis log
4) A description of how the system is running.
And please make sure that you grab the scanners on a known clean computer...the one link you posted was a redirect to an ancient version of HJT that may possibly have been hacked. And if it wasn't hacked, it almost assuredly isn't up to date enough to deal with what you've got.
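As an added example (not code from the thread, from the helpers, or from HijackThis itself), here is a small first-pass triage script over R/O entry lines of a log like the ones posted above: it flags orphaned entries, unnamed BHOs, autoruns outside the usual program trees, and start/search pages pointing away from the vendor default. The trusted-path roots, the expected hosts and the one made-up hijacked start page in the sample are assumptions of the example.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not code from the thread or from HijackThis itself: it reads
the R/O entry lines of a log like the ones posted above and flags what a
helper looks at first.  Trusted roots and expected hosts are heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: entries of the kind posted above, plus one made-up
# hijacked start page (the .test domain is a placeholder, not a real site).
SAMPLE_LOG = r"""
Running processes:
F:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hijacked-example.test/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O3 - Toolbar: Starware Jokes Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Remote Install Bootstrap Service (REMSTART) - Unknown owner - c:\Temp\temp\RemStart.exe (file missing)
End of file - 12093 bytes
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|lnk))', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")
AUTORUN_SECTIONS = ("O4", "O20", "O22", "O23")
# Heuristic: where autoruns on an XP box of this vintage normally live.
TRUSTED_ROOTS = ("\\windows\\", "\\program files\\", "\\progra~1\\",
                 "\\documents and settings\\")
# Heuristic: hosts IE's start/search pages point at out of the box.
EXPECTED_PAGE_HOSTS = ("microsoft.com", "msn.com", "live.com")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    category: str  # why the entry was flagged
    detail: str    # the path, host or body that triggered it
    line: str      # the full log line


def extract_path(body: str) -> Optional[str]:
    """Return the first drive-rooted path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def page_host(body: str) -> str:
    """Host of the URL on an R0/R1 line ('' when there is none)."""
    if "=" not in body:
        return ""
    return urlparse(body.split("=", 1)[1].strip()).hostname or ""


def triage(log_text: str) -> List[Finding]:
    """Walk the R/O lines of a log and collect entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and trailer are not entries
        section, body = m.group("section"), m.group("body")
        # 1. Registry still points at a file that is gone: leftover of a
        #    removed component, or something a cleaner only half removed.
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry", body, line))
            continue
        # 2. Browser helper objects that identify themselves as nothing.
        if section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(section, "unnamed BHO", body, line))
        # 3. Autoruns loading from outside the usual program trees.
        path = extract_path(body)
        if section in AUTORUN_SECTIONS and path:
            if not any(root in path.lower() for root in TRUSTED_ROOTS):
                findings.append(Finding(section, "autorun outside program trees", path, line))
        # 4. Start/search pages pointing somewhere other than the vendor default.
        if section in ("R0", "R1"):
            host = page_host(body)
            if host and not host.endswith(EXPECTED_PAGE_HOSTS):
                findings.append(Finding(section, "browser page set elsewhere", host, line))
    return findings


def count_by_category(findings: List[Finding]) -> Dict[str, int]:
    """Number of flagged entries per category, for a quick summary."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.category}: {f.detail}")
```

A hit here is a prompt to look closer, not a verdict: the orphaned entries in the logs above are mostly leftovers of removed software, while the single autorun outside the program trees is the kind of line a helper asks about first.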
Hitmen
10-04-2008, 01:37 PM
Also, it would be a good idea to grab a clean copy of HJT while you are at it...http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Then rename the HijackThis executable to something like upthis.exe and post a log from the known clean HJT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:29 AM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\NavNT\defwatch.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alias\Maya6.5\docs\wrapper.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\NavNT\rtvscan.exe
F:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\NavNT\vptray.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\MSI\Live Update 3\LMonitor.exe
F:\program files\valve\steam\steam.exe
F:\WINDOWS\system32\MsgSys.EXE
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Tapwave\HOTSYNC.EXE
F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Main\Desktop\Spyware\UpThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Starware Jokes Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SW24] F:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SW20] F:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "F:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "F:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] F:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Tapwave\HOTSYNC.EXE
O4 - Global Startup: BlueSoleil.lnk = F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: hp psc 2000 Series.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
Hitmen
10-04-2008, 01:38 PM
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130723267578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130727446031
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - F:\Program Files\Alias\Maya6.5\docs\wrapper.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Install Bootstrap Service (REMSTART) - Unknown owner - c:\Temp\temp\RemStart.exe (file missing)
--
End of file - 12093 bytes
Hitmen
10-04-2008, 03:00 PM
Please go into MSCONFIG and enable everything. You are infected and we need to make sure nothing is hiding. Then run Combofix and MBAM. After running the scans, post the following:
1) The MBAM log
2) The Combofix log
3) A new Hijackthis log
4) A description of how the system is running.
1) MBAM LOG
Malwarebytes' Anti-Malware 1.28
Database version: 1227
Windows 5.1.2600 Service Pack 3
10/4/2008 11:30:50 AM
mbam-log-2008-10-04 (11-30-50).txt
Scan type: Full Scan (F:\|G:\|)
Objects scanned: 226145
Time elapsed: 39 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 33
Files Infected: 64
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware347 (Adware.Starware) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Hitmen
10-04-2008, 03:01 PM
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: f:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
Folders Infected:
F:\Documents and Settings\All Users\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\contexts (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP\images\active (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP\images\default (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Manager (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Pranks (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
Files Infected:
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\pranks.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
Hitmen
10-04-2008, 03:02 PM
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Pranks\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Pranks\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
F:\Documents and Settings\Main\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> Delete on reboot.
F:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> Delete on reboot.
F:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> Delete on reboot.
Hitmen
10-04-2008, 03:03 PM
2) The Combofix log
ComboFix 08-10-04.01 - Main 2008-10-04 11:38:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1851 [GMT -7:00]
Running from: F:\Documents and Settings\Main\Desktop\Spyware\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\Main\Application Data\ASKS~1
F:\Program Files\crosof~1.net
F:\Program Files\media-codec
F:\Program Files\media-codec\uninst.exe
F:\Program Files\security toolbar
F:\Program Files\security toolbar\Security Toolbar.dll
F:\Program Files\security toolbar\Uninstall.bat
F:\WINDOWS\jestertb.dll
F:\WINDOWS\system32\TDSSerrors.log
F:\WINDOWS\system32\tdsslog.dll
F:\WINDOWS\system32\tdssservers.dat
F:\WINDOWS\system32\windows_update.exe
F:\WINDOWS\system32\wintsvit.exe
F:\WINDOWS\system32\wl.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
2008-10-04 11:41 . 2008-10-04 11:41 <DIR> d--h----- F:\$AVG8.VAULT$
2008-10-04 10:39 . 2008-10-04 10:40 <DIR> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 10:39 . 2008-10-04 10:39 <DIR> d-------- F:\Documents and Settings\Main\Application Data\Malwarebytes
2008-10-04 10:39 . 2008-10-04 10:39 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 10:39 . 2008-09-10 00:04 38,528 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 10:39 . 2008-09-10 00:03 17,200 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 10:29 . 2008-10-04 10:29 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-04 10:09 . 2008-05-02 02:38 301,656 --a------ F:\WINDOWS\system32\BtCoreIf.dll
2008-10-04 10:09 . 2008-05-02 02:39 170,512 --a------ F:\WINDOWS\system32\kemutb.dll
2008-10-04 10:09 . 2008-05-02 02:39 145,936 --a------ F:\WINDOWS\system32\KemUtil.dll
2008-10-04 10:09 . 2008-05-02 02:40 117,264 --a------ F:\WINDOWS\system32\KemWnd.dll
2008-10-04 10:09 . 2008-05-02 02:40 84,496 --a------ F:\WINDOWS\system32\KemXML.dll
2008-10-04 10:09 . 2008-10-04 10:09 0 --ah----- F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-04 10:09 . 2008-10-04 10:09 0 --ah----- F:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-04 10:08 . 2008-10-04 10:09 <DIR> d-------- F:\Program Files\Common Files\Logishrd
2008-10-04 10:08 . 2008-10-04 10:08 <DIR> d-------- F:\Documents and Settings\Main\Application Data\InstallShield
2008-10-04 10:08 . 2008-10-04 10:08 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Logitech
2008-10-03 11:25 . 2008-10-04 11:45 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-10-03 11:25 . 2008-10-03 11:25 1,409 --a------ F:\WINDOWS\QTFont.for
2008-10-03 10:50 . 2008-10-03 10:50 <DIR> d-------- F:\Program Files\Trend Micro
2008-10-03 08:10 . 2008-10-04 11:35 <DIR> d-------- F:\WINDOWS\system32\drivers\Avg
2008-10-03 08:10 . 2008-10-03 08:10 <DIR> d-------- F:\Program Files\AVG
2008-10-03 08:10 . 2008-10-03 08:12 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\avg8
2008-10-03 08:10 . 2008-10-03 08:10 97,928 --a------ F:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-03 08:10 . 2008-10-03 08:10 10,520 --a------ F:\WINDOWS\system32\avgrsstx.dll
2008-10-02 11:09 . 2008-10-02 11:09 <DIR> d-------- F:\Program Files\Yahoo!
2008-10-02 11:09 . 2008-10-02 11:14 <DIR> d-------- F:\Program Files\CCleaner
2008-10-02 10:12 . 2008-10-02 10:12 <DIR> d-------- F:\Program Files\IObit
2008-10-02 10:10 . 2008-10-02 10:10 <DIR> d-------- F:\Program Files\Lavasoft
2008-09-30 09:52 . 2008-09-30 09:52 <DIR> d-------- F:\WINDOWS\system32\scripting
2008-09-30 09:52 . 2008-09-30 09:52 <DIR> d-------- F:\WINDOWS\system32\en
2008-09-30 09:52 . 2008-09-30 09:52 <DIR> d-------- F:\WINDOWS\l2schemas
2008-09-25 10:53 . 2008-09-25 10:53 <DIR> d-------- F:\WINDOWS\system32\AGEIA
2008-09-25 10:53 . 2008-09-25 10:58 <DIR> d-------- F:\WINDOWS\NV3003944.TMP
2008-09-25 10:53 . 2008-09-25 10:53 <DIR> d-------- F:\Program Files\AGEIA Technologies
2008-09-25 01:19 . 2008-09-25 01:21 <DIR> d-------- F:\WINDOWS\NV21562116.TMP
2008-09-25 00:37 . 2008-09-25 00:37 <DIR> d-------- F:\Documents and Settings\Main\Application Data\Spore
2008-09-22 01:37 . 2008-10-01 12:56 <DIR> d-------- F:\Program Files\Avi2Dvd
2008-09-04 09:31 . 2008-09-04 09:31 288,024 --a------ F:\WINDOWS\system32\PhysXCplUI.exe
2008-09-04 09:31 . 2008-09-04 09:31 181,528 --a------ F:\WINDOWS\system32\PhysX.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 17:09 --------- d-----w F:\Program Files\Common Files\Logitech
2008-10-04 17:08 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-10-02 17:10 --------- d-----w F:\Documents and Settings\Main\Application Data\Lavasoft
2008-10-01 19:57 --------- d-----w F:\Program Files\AviSynth 2.5
2008-09-26 18:23 --------- d-----w F:\Program Files\World of Warcraft
2008-09-25 17:53 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard
2008-09-25 07:56 --------- d-----w F:\Program Files\Electronic Arts
2008-09-17 16:55 6,132,576 ----a-w F:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-03 07:04 --------- d-----w F:\Documents and Settings\Main\Application Data\Audacity
2008-09-02 17:47 --------- d-----w F:\Program Files\Audacity 1.3 Beta (Unicode)
2008-08-21 16:51 --------- d-----w F:\Program Files\V CAST Music with Rhapsody
2008-08-13 02:24 --------- d-----w F:\Program Files\Common Files\Real
2008-08-13 02:23 --------- d-----w F:\Program Files\Real
2008-08-13 02:20 --------- d-----w F:\Program Files\LG Electronics
2008-08-12 17:02 --------- d-----w F:\Program Files\Java
2006-09-14 15:39 2,075 ----a-w F:\Documents and Settings\Main\Application Data\WWB7_32.DAT
2004-03-11 20:27 40,960 ----a-w F:\Program Files\Uninstall_CDS.exe
.
Hitmen
10-04-2008, 03:04 PM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LiveMonitor"="F:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-03-14 498176]
"vptray"="F:\Program Files\NavNT\vptray.exe" [2001-09-24 73728]
"Steam"="f:\program files\valve\steam\steam.exe" [2008-10-03 1271032]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
"AnyDVD"="F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-01-28 287077]
"Windows Defender"="F:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="F:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"SW24"="F:\WINDOWS\System32\sw24.exe" [2005-07-04 69632]
"SW20"="F:\WINDOWS\System32\sw20.exe" [2005-06-30 200704]
"CTSysVol"="F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ccApp"="F:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-03 1234712]
"Zune Launcher"="F:\Program Files\Zune\ZuneLauncher.exe" [2006-12-12 21464]
"zBrowser Launcher"="F:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"vptray"="F:\Program Files\NavNT\vptray.exe" [2001-09-24 73728]
"LiveMonitor"="F:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-03-14 498176]
"MSConfig"="F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"Windows Defender"="F:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 F:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 F:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 F:\WINDOWS\KHALMNPR.Exe]
F:\Documents and Settings\Main\Start Menu\Programs\Startup\
HotSync Manager.lnk - F:\Program Files\Tapwave\HOTSYNC.EXE [2004-02-03 294912]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 1196032]
hp psc 2000 Series.lnk - F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 323646]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 f:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-01 11:50 8704 F:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\rlfraley\\counter-strike source\\hl2.exe"=
"F:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"F:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"F:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\rlfraley\\half-life 2\\hl2.exe"=
"F:\\Program Files\\Xfire\\Xfire.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\rlfraley\\half-life 2 deathmatch\\hl2.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\rlfraley\\half-life 2 lostcoast\\hl2.exe"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"F:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"F:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
"F:\\Program Files\\World of Warcraft\\Repair.exe"=
"F:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"F:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Program Files\\backburner 2\\manager.exe"=
"F:\\WINDOWS\\system32\\rtcshare.exe"=
"F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"F:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"F:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:Emule
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112
"1194:TCP"= 1194:TCP:Open VPN
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 AvgLdx86;AVG Free AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-03 97928]
R1 nenum13E;nenum13E;F:\WINDOWS\System32\Drivers\nenum13E.sys [2003-04-17 43008]
R2 avg8wd;AVG Free8 WatchDog;F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-03 231704]
R2 maya65docserver;Maya 6.5 Documentation Server;F:\Program Files\Alias\Maya6.5\docs\wrapper.exe [2004-07-16 126976]
S0 ElbyVCD;ElbyVCD;F:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [ ]
S2 MKEMUSB;Panasonic Digital Palmcorder;F:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;F:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 PCAlertDriver;PCAlertDriver;F:\Program Files\MSI\Core Center\NTGLM7X.sys [2004-11-16 23744]
S3 REMSTART;Remote Install Bootstrap Service;c:\Temp\temp\RemStart.exe [ ]
S3 RushTopDevice;RushTopDevice;F:\Program Files\MSI\Core Center\RushTop.sys [2004-11-16 38336]
S3 tap0801;TAP-Win32 Adapter V8;F:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 TwUSBD;TwUSBD;F:\WINDOWS\system32\drivers\TwUSBD.sys [2003-09-29 16000]
.
Contents of the 'Scheduled Tasks' folder
2008-09-28 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-10-04 F:\WINDOWS\Tasks\MP Scheduled Scan.job
- F:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-09-30 F:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2005-05-31 01:04]
2006-07-08 F:\WINDOWS\Tasks\Symantec NetDetect.job
- F:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-30 17:24]
.
- - - - ORPHANS REMOVED - - - -
BHO-{45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
BHO-{8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - (no file)
Toolbar-{9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
HKCU-Run-EA Core - F:\Program Files\Electronic Arts\EA Downloader\Core.exe
HKLM-Run-WINCINEMAMGR - F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
HKLM-Run-Home Theater SchSvr - F:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
HKLM-Run-CloneCDTray - F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
HKLM-Run-CloneCDElbyCDFL - F:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
HKLM-Run-AVG7_CC - F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
HKLM-Run-keyboard - C:\\keyboard23.exe
SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - F:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\yrxe2co6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.worldofwarcraft.com/
FF -: plugin - F:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - F:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - F:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 11:44:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Hitmen
10-04-2008, 03:05 PM
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: F:\WINDOWS\system32\winlogon.exe
-> F:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Windows Defender\MsMpEng.exe
F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\NavNT\defwatch.exe
F:\Program Files\NavNT\rtvscan.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\MSGSYS.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
F:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-04 11:53:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 18:53:42
Pre-Run: 31,102,451,712 bytes free
Post-Run: 31,102,881,792 bytes free
278 --- E O F --- 2008-10-03 02:20:47
Hitmen
10-04-2008, 03:06 PM
3) HiJack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:38 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\NavNT\defwatch.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alias\Maya6.5\docs\wrapper.exe
F:\Program Files\NavNT\rtvscan.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\system32\MsgSys.EXE
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zune\ZuneLauncher.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\NavNT\vptray.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\MSI\Live Update 3\LMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\program files\valve\steam\steam.exe
F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Tapwave\HOTSYNC.EXE
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Main\Desktop\Spyware\UpThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SW24] F:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SW20] F:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "F:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WINCINEMAMGR] "F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "F:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [EA Core] F:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Tapwave\HOTSYNC.EXE
O4 - Global Startup: BlueSoleil.lnk = F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: hp psc 2000 Series.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130723267578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130727446031
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
Hitmen
10-04-2008, 03:07 PM
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - F:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - F:\Program Files\Alias\Maya6.5\docs\wrapper.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Install Bootstrap Service (REMSTART) - Unknown owner - c:\Temp\temp\RemStart.exe (file missing)
--
End of file - 11643 bytes
Hitmen
10-04-2008, 03:09 PM
4) A description of how the system is running.
All seems to be running well now. Thank you all a bunch for the help. I will still check this post a couple more times to see if you guys have any other suggestions that I should do based on all the other logs I just added. But again, thanks; this was really pissing me off that I couldn't resolve it.
classicsoftware
10-04-2008, 04:42 PM
How to Protect Yourself While On-Line
Make sure you have an up-to-date antivirus. Scan regularly. There are many free versions:
AVAST (http://www.avast.com/eng/download-avast-home.html)
AVG (http://free.grisoft.com/freeweb.php/doc/2/)
Antivir (http://www.free-av.com/antivirus/allinonen.html)
Make sure you have a software firewall and if you are on broadband, get behind a NAT router. There are also free versions:
Kerio (http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/)
Sygate (http://www.filehippo.com/download_sygate_personal_firewall/)
Zone Alarm (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp%3bjsessionid=BzJnZDxzyCUCcyZMB2t0Q co5IgutuYlrOMI5snmy1ZptQ2vOr1l1!776180791!-1062696904!7551!7552!-2099742426!-1062696903!7551!7552)
Keep Windows up to date. Visit Windows Update (http://windowsupdate.microsoft.com) and Office Update (http://office.microsoft.com/en-us/downloads/default.aspx) regularly.
Keep all of your software up to date. You can check on your software with the Secunia Software Inspector (http://secunia.com/software_inspector/). Sign up for e-mail notification and they will tell you when to check your system again.
Use Firefox (http://www.mozilla.org/products/) with the NoScript (http://noscript.net/) extension as your web browser.
Download, install and keep an updated version of SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html).
Do NOT click on links in any I.M. program.
Use Thunderbird (http://www.mozilla.com/en-US/thunderbird/) in place of Outlook or Outlook Express.
Use Foxit Reader (http://www.download.com/Foxit-PDF-Reader/3000-2079_4-10313206.html) with the PDF Download (https://addons.mozilla.org/en-US/firefox/addon/636) extension instead of Adobe Acrobat Reader.
DO NOT open attachments from ANYONE. Download them, and scan them with your AV before opening, and only if you expect to receive them.
If you use IE, download a copy of IE-Spyad (http://www.spywarewarrior.com/uiuc/resource.htm).