-
March 14th, 2009, 08:25 PM
#1
tenga virus
This worm has been showing up once a month for some time now.
Avast finds it and removes it to quarantine, but takes with it the .exe files from programs. Reinstalling programs works, but the virus reappears.
Have been following the advice in thread #237321; will post the SUPERAntiSpyware log here.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/14/2009 at 05:35 PM
Application Version : 4.25.1014
Core Rules Database Version : 3795
Trace Rules Database Version: 1751
Scan type : Complete Scan
Total Scan Time : 00:42:32
Memory items scanned : 222
Memory threats detected : 0
Registry items scanned : 5778
Registry threats detected : 0
File items scanned : 95136
File threats detected : 78
Adware.Tracking Cookie
-
March 14th, 2009, 08:27 PM
#2
Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3
3/14/2009 6:47:47 PM
mbam-log-2009-03-14 (18-47-47).txt
Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 174538
Time elapsed: 29 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
The mbam log
-
March 14th, 2009, 08:29 PM
#3
GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-14 19:11:05
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEBC816B8]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0xEDC7C0D2]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0xEDC7E302]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEBC81574]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0xEDC7C02C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0xEDC7CAAE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateThread [0xEDC7BD12]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0xEDC7DCB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteKey [0xEDC7CEC0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEBC81A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEBC8114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEBC8164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEBC8108C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0xEDC7C9E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEBC810F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEBC8176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEBC8172E]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0xEDC7BBB4]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0xEDC7DDE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEBC818AE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0xEDC7CFA0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwTerminateProcess [0xEDC7BF66]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0xEDC7E14A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0xEDC7DFB4]
---- User code sections - GMER 1.0.15 ----
.text G:\Program Files\Comodo\Firewall\CPF.exe[416] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [FF, 25, 1E]
.text G:\Program Files\Comodo\Firewall\CPF.exe[416] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [05, 5F]
.text G:\Program Files\Comodo\Firewall\CPF.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8618950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8618950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8618950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8618950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8618950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8618910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8618950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F86186D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8618730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
---- User IAT/EAT - GMER 1.0.15 ----
IAT G:\WINDOWS\system32\services.exe[716] @ G:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005D0002
IAT G:\WINDOWS\system32\services.exe[716] @ G:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005D0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Getting ready to run HijackThis for a log.
-
March 14th, 2009, 08:36 PM
#4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:05 PM, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
G:\WINDOWS\system32\cisvc.exe
G:\Program Files\COMODO\Firewall\cmdagent.exe
G:\WINDOWS\system32\inetsrv\inetinfo.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\system32\CAPM2RSK.EXE
G:\Program Files\Macrium\Reflect\ReflectService.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE
G:\WINDOWS\system32\mqsvc.exe
G:\WINDOWS\system32\mqtgsvc.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\AGRSMMSG.exe
G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\Comodo\Firewall\CPF.exe
G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
G:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\Program Files\MSN Messenger\usnsvc.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\system32\cidaemon.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - G:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - G:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "G:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OrderReminder] G:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://G:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166148432437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166152067369
O16 - DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} (ZohoMeeting Control) - http://meeting.zoho.com/login/Agent.jsp
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - AppInit_DLLs: G:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - G:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - G:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8737 bytes
-
March 14th, 2009, 08:46 PM
#5
Did you install askbar? You would probably do well to uninstall it as it is classified as adware.
==
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: G:\WINDOWS\system32\cssdll32.dll
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
G:\WINDOWS\system32\cssdll32.dll
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
- Select the first option to run Windows in Safe Mode and hit Enter.
-
Reboot.
===============
After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
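Added example, not part of the reply above or of HijackThis itself: a small Python triage of HijackThis log lines that applies the same two criteria the helper used, flagging O2 BHO entries whose DLL is "(no file)" and any O20 AppInit_DLLs entry (a DLL in AppInit_DLLs is loaded into every process that links user32.dll, which is why a defender checks it first). The sample lines are copied from the log posted earlier in the thread, with benign lines added for contrast.

```python
import re

# Constructed sample: lines taken from the HijackThis log in this thread,
# plus a benign BHO, a Run entry and a Winlogon Notify entry for contrast.
SAMPLE_LOG = r"""
Running processes:
G:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O20 - AppInit_DLLs: G:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Every HijackThis item line starts with a section code (R0, O2, O20, ...)
# followed by " - " and the item body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

# O20 body for the AppInit_DLLs value (other O20 lines are Winlogon Notify).
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.*)$")


def parse_line(line):
    """Return (section, body) for a HijackThis item line, or None otherwise."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage(lines):
    """Return a list of (section, reason, detail) tuples for entries to fix.

    Criteria mirror the helper's advice in this thread:
      * O2 BHO whose DLL is "(no file)": orphaned registration, safe to remove.
      * O20 AppInit_DLLs with any path: global DLL injection point, verify it.
    """
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, body = parsed
        if section == "O2":
            m = BHO_RE.match(body)
            if m and m.group("path").strip() == "(no file)":
                findings.append((section, "BHO registered but DLL missing", m.group("clsid")))
        elif section == "O20":
            m = APPINIT_RE.match(body)
            if m and m.group("path").strip():
                findings.append((section, "AppInit_DLLs loads DLL into every GUI process",
                                 m.group("path").strip()))
    return findings


def report(lines):
    """Render triage findings in the one-line-per-item style HijackThis uses."""
    return [f"{sec} - {reason}: {detail}" for sec, reason, detail in triage(lines)]


if __name__ == "__main__":
    for entry in report(SAMPLE_LOG.splitlines()):
        print(entry)
```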
-
March 14th, 2009, 09:36 PM
#6
Here's the 2nd log. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:04 PM, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
G:\WINDOWS\system32\cisvc.exe
G:\Program Files\COMODO\Firewall\cmdagent.exe
G:\WINDOWS\system32\inetsrv\inetinfo.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\system32\CAPM2RSK.EXE
G:\WINDOWS\System32\msiexec.exe
G:\Program Files\Macrium\Reflect\ReflectService.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE
G:\WINDOWS\system32\mqsvc.exe
G:\WINDOWS\system32\mqtgsvc.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\AGRSMMSG.exe
G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Comodo\Firewall\CPF.exe
G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
G:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\WinZip\WZQKPICK.EXE
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\MSN Messenger\usnsvc.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "G:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OrderReminder] G:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://G:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166148432437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166152067369
O16 - DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} (ZohoMeeting Control) - http://meeting.zoho.com/login/Agent.jsp
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - G:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - G:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8415 bytes
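The helper's next reply judges this HijackThis log by eye. As an added example that is not part of the original thread, here is a small parser for the HijackThis line format (section code, then body) that groups entries by section and flags the items a reviewer checks first: O23 services with an unknown owner, O10 unknown Winsock LSP files, and O4 Run entries with no full path. The sample input is a handful of lines copied from the log above; the regexes and the `review` rules are my own assumptions about the format, not HijackThis code.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFONS]\d{1,2}) - (?P<body>.+)$")
# O23 body layout assumed here: "Service: Name (Short) - Owner - Path".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: six lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - G:\Program Files\Macrium\Reflect\ReflectService.exe
"""

def parse_hjt(text):
    """Group entry bodies by section code, e.g. {'O4': [...], 'O23': [...]}."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("section")].append(m.group("body"))
    return dict(entries)

def review(entries):
    """Return the notes a log reviewer would raise for a second look."""
    notes = []
    for body in entries.get("O23", []):
        m = SERVICE_RE.match(body)
        if m and m.group("owner").lower() == "unknown owner":
            notes.append(f"O23 service with unknown owner: {m.group('path')}")
    for body in entries.get("O10", []):
        if body.lower().startswith("unknown file"):
            notes.append(f"O10 {body}")
    for body in entries.get("O4", []):
        # Strip the "HKLM\..\Run: [Name] " or "Global Startup: x.lnk = " prefix.
        cmd = body.split(": ", 1)[-1].split("] ", 1)[-1].split(" = ", 1)[-1]
        # A command without a drive letter is resolved by PATH search; confirm it.
        if not re.match(r'^"?[A-Za-z]:\\', cmd):
            notes.append(f"O4 Run entry without full path: {body}")
    return notes

if __name__ == "__main__":
    for note in review(parse_hjt(SAMPLE_LOG)):
        print(note)
```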
-
March 14th, 2009, 09:54 PM
#7
Log is clean now. To check if there may be anything else, try this;
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
- You will need to use Internet Explorer to complete this scan.
- You will need to temporarily Disable your current Anti-virus program.
- Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
- When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
NOTE: If you are unable to complete the ESET scan, please try another from the list below:
-
March 15th, 2009, 04:13 AM
#8
The pc I was working on was 50+ miles away. I wasn't able to get the Eset to run, so I did a Kaspersky scan, which wasn't finished when I left. It was showing lots of viruses. I guess my question to you would be: would I still not want to fix or remove them? Or just post a log? Thanks for all the help, Crunchie.
-
March 15th, 2009, 04:32 AM
#9
Anything found by Kaspersky should be removed manually. Will not hurt to post the results so we can see what was found.
-
March 15th, 2009, 01:01 PM
#10
-
March 15th, 2009, 03:25 PM
#11
Mostly quarantined stuff. How is the pc now?
-
March 15th, 2009, 03:34 PM
#12
It seems ok, however it has only been going on about every 2 weeks or month, so will have to wait and see if Avast picks up the Tenga virus again. When this happens it takes the .exe files from several programs on fix/Quarantine, and the programs, or at least the exe files, have to be brought in from the install disk. Thanks for all the help, will post back if it returns.
-
April 30th, 2009, 12:39 PM
#13
Well, here it is back as of today. I am having the friend run through the programs to see if we can get it out again. Like I said, I am 50+ miles away, so I am trying to do it over the telephone.
-
April 30th, 2009, 04:21 PM
#14
I doubt that it has been lying dormant on your pc for the last 6 weeks, so it has to be somewhere you have been on the net, or something you have transferred from the net.
See what the scans come up with and post back.
-
April 30th, 2009, 07:23 PM
#15
Trying to get my friend to do it; he will be new member foe2839.