GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

View previous topic View next topic Go down

NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 7:36 am

I ran Malwarebytes - removed everything from the scan and still cannot connect to internet or use antivirus. Here is the log from Malewarebytes:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2010 1:13:34 AM
mbam-log-2010-01-01 (01-13-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186274
Time elapsed: 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 65
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f01c1d82-b00d-4bea-ba5e-db18a50168b9} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f01c1d82-b00d-4bea-ba5e-db18a50168b9} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f01c1d82-b00d-4bea-ba5e-db18a50168b9} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zwangi (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PrivacyCenter (Rogue.PrivacyCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\res2 (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> No action taken.

Files Infected:
C:\DOCUME~1\DARRIA~1\LOCALS~1\Temp\~240.dll (Trojan.BHO.H) -> No action taken.
C:\Program Files\Zwangi\uninstall.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0102516.exe (Rogue.WindowsSecuritySuite) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104549.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104602.dll (Adware.SmartShopper) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104610.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104611.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104612.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104551.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104553.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104554.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104555.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104556.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104558.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104562.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104564.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104566.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104550.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104570.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104571.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104572.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104573.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104575.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104576.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104577.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104578.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104579.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104580.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104581.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104728.exe (Adware.SelectRebates) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\res2\WhiteList.dbs (Adware.SmartShopper) -> No action taken.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 3:11 pm

MBAM says you didn't remove what was found.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 4:55 pm

Here's the log from hijackthis - I'm going to rerun malwarebytes and will resend that log when it is done. Thank you.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:53:13, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Zwangi\zwangi115.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zwangi\zwangi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Zwangi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwangi\zwangi115.exe

--
End of file - 5592 bytes

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 5:04 pm

Okay, I'll wait for the new MBAM log before moving on. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 5:47 pm

I must have used the log the first time before i removed everything because this one came up clean.

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2010 11:47:18 AM
mbam-log-2010-01-01 (11-47-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 188477
Time elapsed: 48 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 6:17 pm

By the way - Malwarebytes gives me an error when i try to update it. It says an error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 732 (12029, 0). I'm on version 3458. Thank you again for your assistance.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 6:20 pm

I found the log from Malwarebytes where it deleted everything:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2010 1:13:50 AM
mbam-log-2010-01-01 (01-13-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186274
Time elapsed: 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 65
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f01c1d82-b00d-4bea-ba5e-db18a50168b9} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f01c1d82-b00d-4bea-ba5e-db18a50168b9} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f01c1d82-b00d-4bea-ba5e-db18a50168b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zwangi (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PrivacyCenter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\res2 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
C:\DOCUME~1\DARRIA~1\LOCALS~1\Temp\~240.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\Zwangi\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0102516.exe (Rogue.WindowsSecuritySuite) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104549.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104602.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104610.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104611.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104612.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104551.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104553.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104554.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104555.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104556.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104558.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104562.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104564.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104566.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104550.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104570.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104571.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104572.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104573.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104575.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104576.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104577.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104578.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104579.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104580.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104581.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27A6123B-277D-4DCD-9D93-0BC200A561A3}\RP107\A0104728.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darrian Troy\Application Data\Smart-Shopper\cs\res2\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 7:12 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - Default URLSearchHook is missing
    O1 - Hosts: ::1 localhost
    O23 - Service: Zwangi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwangi\zwangi115.exe


  • Press "Fix Checked"
  • Close Hijack This.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

sc delete Zwangi Service

Next,

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 8:13 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by Darrian Troy at 14:13:07.71 on Fri 01/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.588 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Zwangi\zwangi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Darrian Troy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-31 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090804.003\NAVENG.SYS [2009-8-4 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090804.003\NAVEX15.SYS [2009-8-4 875728]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-25 1251720]
S4 Zwangi Service;Zwangi Service;c:\documents and settings\all users\application data\zwangi\zwangi115.exe [2009-6-30 54760]

=============== Created Last 30 ================

2010-01-01 16:52:49 0 d-----w- c:\program files\TrendMicro
2010-01-01 07:34:11 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-01 07:34:09 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-01 07:33:40 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-01 06:23:04 0 d-----w- c:\docume~1\darria~1\applic~1\Malwarebytes
2010-01-01 06:22:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 06:22:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 06:22:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-01 06:22:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 02:10:44 502 ----a-w- c:\windows\system32\tmp.reg
2010-01-01 01:50:49 0 d-----w- c:\program files\Spyware Doctor
2010-01-01 01:50:49 0 d-----w- c:\program files\common files\PC Tools

==================== Find3M ====================

2010-01-01 02:27:35 109953 ----a-w- c:\windows\system32\nvModes.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-04 14:12:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-04 14:12:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-04 14:12:03 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:13:44.79 ===============

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 8:20 pm

how do i attach the zip file?

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 8:24 pm

Just post it as normal.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 8:28 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2008 6:12:53 PM
System Uptime: 1/1/2010 1:15:04 PM (1 hours ago)

Motherboard: Dell Inc. | | 0JK187
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 981/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 57.537 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP88: 9/16/2009 7:40:28 PM - Restore Operation
RP89: 9/16/2009 7:44:31 PM - Restore Operation
RP90: 9/16/2009 7:48:19 PM - Restore Operation
RP91: 9/16/2009 7:52:21 PM - Restore Operation
RP92: 9/16/2009 7:57:08 PM - Restore Operation
RP93: 9/16/2009 8:01:19 PM - Restore Operation
RP94: 9/16/2009 8:07:52 PM - Restore Operation
RP95: 9/16/2009 8:11:17 PM - Restore Operation
RP96: 9/16/2009 8:16:17 PM - Restore Operation
RP97: 9/16/2009 8:20:23 PM - Restore Operation
RP98: 9/16/2009 8:23:58 PM - Restore Operation
RP99: 9/16/2009 8:28:08 PM - Restore Operation
RP100: 9/16/2009 8:32:04 PM - Restore Operation
RP101: 9/16/2009 8:35:34 PM - Restore Operation
RP102: 9/17/2009 7:54:12 PM - Restore Operation
RP103: 9/17/2009 8:20:38 PM - Restore Operation
RP104: 9/17/2009 8:24:15 PM - Restore Operation
RP105: 9/17/2009 8:27:48 PM - Restore Operation
RP106: 9/17/2009 8:31:57 PM - Restore Operation
RP107: 12/29/2009 9:02:12 PM - Restore Operation
RP108: 1/1/2010 2:26:30 AM - System Checkpoint
RP109: 1/1/2010 3:00:18 AM - Software Distribution Service 3.0
RP110: 1/1/2010 10:47:20 AM - Software Distribution Service 3.0
RP111: 1/1/2010 10:52:48 AM - Installed HiJackThis

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
AiO_Scan
Alien Shooter
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
Ben 10 Alien Force Bounty Hunters
Big Fish Games Client
Bonjour
Build a lot 3
Cake Mania
ccCommon
Component Framework
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Enterprise
Google Toolbar for Internet Explorer
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
HP PSC & Officejet 4.2 Corporate Edition
iTunes
Java(TM) 6 Update 7
Left 4 Dead
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
My.Freeze.com NetAssistant
Mystery Case Files - Prime Suspects
Mystic Inn
Netflix Movie Viewer
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
OpenOffice.org 3.0
Plant Tycoon
PrivacyCenter
QFolder
QuickTime
RocketBowl
RollerCoaster Tycoon 3
Safari
Scan
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975467)
SPBBC 32bit
Spybot - Search & Destroy
Steam
Symantec Real Time Storage Protection Component
SymNet
Unity Web Player
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
V CAST Music
Virtual Villagers The Lost Children
VLC media player 0.9.6
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winferno Registry Power Cleaner
Zoo Tycoon: Complete Collection

==== Event Viewer Messages From Past Week ========

12/31/2009 7:50:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/31/2009 6:58:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/31/2009 6:09:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/31/2009 11:36:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
12/31/2009 11:05:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/31/2009 11:04:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/31/2009 11:04:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/31/2009 10:49:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm Sparrow SPBBCDrv SRTSP SRTSPX SYMTDI
12/31/2009 10:48:26 PM, error: Sparrow [4] - Driver detected an internal error in its data structures for .
12/30/2009 6:23:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
12/30/2009 6:19:13 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/30/2009 5:58:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/30/2009 5:58:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/30/2009 5:36:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/30/2009 5:08:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2009 5:08:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2009 9:30:12 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/29/2009 9:15:12 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/29/2009 10:00:12 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/1/2010 1:18:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
1/1/2010 1:17:08 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 8:34 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7
    My.Freeze.com NetAssistant

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :services
    Zwangi Service

    :files
    c:\documents and settings\all users\application data\zwangi


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 8:49 pm

I removed Java(TM) 6 Update 7 but the My.Freeze.com NetAssistant says: An error occurred while trying to remove My.Freeze.com NetAssistant. It may have already been uninstalled. Would you like to remove My.Freeze.com NetAssistant from the Add or Remove programs list?
Here's the log from Old Timer:

========== SERVICES/DRIVERS ==========
Service Zwangi Service stopped successfully!
Service Zwangi Service deleted successfully!
========== FILES ==========
c:\documents and settings\all users\application data\Zwangi folder moved successfully.

OTM by OldTimer - Version 3.1.4.0 log created on 01012010_144717

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 8:51 pm

Yes, remove it from the list. Right On!

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 9:00 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:00:56, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Zwangi\zwangi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4914 bytes

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 9:04 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:00:56, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Zwangi\zwangi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4914 bytes

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 9:11 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes cleanup process prompt, do the same for the reboot prompt.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 9:26 pm

I wish I could say Great! But unfortunately as soon as i rebooted w/Norton's active I lost the internet connection again.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 10:05 pm

Did you give up on me? Am I that hopeless?

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 10:52 pm

I had to go offline for a bit, I didn't forget you, just have some patience.
Is Norton not functioning correctly?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 10:57 pm

As long as i remove norton's from startup the interent is fine - if i put it back in boot i lose the internet. I cannot update it as well. As far as I know Norton's is fine. Thanks again for helping me.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 11:09 pm

We could try uninstalling Norton and try install something smaller and lighter on the system, Avira for example.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 11:10 pm

Ok, please send me the link.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by Belahzur on Fri Jan 01, 2010 11:11 pm

Hello.

Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk ( normally C: )
  7. Find and delete the following folders (if present):

    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall


Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Fri Jan 01, 2010 11:53 pm

The Norton link was expired but I got the updated one & removed. I have a license for McAfee, i am in the process of downloaded it now (which i was unable to do before). After I install & reboot - keep my fingers crossed - maybe it will work. I will let you know. Thank you so much for helping me.

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

Re: NO ANTIVIRUS/SYSTEM RESTORE-114 INFECTED

Post by rmartin9 on Sat Jan 02, 2010 12:24 am

IT WORKED!!!! FINALLY!!!! 4 DAYS LATER!!!! THANK YOU VERY MUCH - YOU ARE BY FAR MY HERO!!! I AM MAKING A DONATION!!! THANKS AGAIN!!!

rmartin9
Novice
Novice

Status :
Online
Offline

Posts : 19
Joined : 2010-01-01
OS : XP
Points : 25529
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum