No, the one in Windows/System32 is the legit file. The bad one in Windows may be gone, but let's check.
Reboot back into Normal mode, and do this:
Run HijackThis and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:
C:\WINDOWS\smss.exe
When you are asked "Do you want to restart your computer now?", click OK.
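An added example, not code from the thread or from HijackThis: a small Python checker that applies the path rule from the post above to HijackThis-style log lines. It flags a core process name such as smss.exe running from anywhere other than System32, and also pulls out the O23 service entry and O15 trusted-zone entries of the kind that appear later in this thread. The CORE_PROCESSES list, the regexes and the sample log are constructed assumptions (32-bit Windows XP paths).

```python
import re

# Core NT processes that on 32-bit Windows XP are only legitimate under
# %SystemRoot%\System32 (assumed list, not taken from the thread).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe",
                  "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed sample in HijackThis v1.99 log layout, mirroring the kind of
# entries discussed in the thread (legit smss.exe in System32, a second
# smss.exe in C:\WINDOWS, a service with unknown owner pointing at it).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\smss.exe
C:\Program Files\Hijackthis\HijackThis.exe
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^[RFO]\d+ - ")  # start of any HijackThis entry line
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)(?: \((?P<hive>HKLM)\))?$")


def is_masquerade(path):
    """A core process name is suspect unless it runs from System32.

    The file name alone says nothing: the thread's legit smss.exe and the
    bad one differ only in directory.
    """
    p = path.strip().lower()
    name = p.rsplit("\\", 1)[-1]
    return name in CORE_PROCESSES and not p.startswith(SYSTEM32_PREFIX)


def analyse(log_text):
    """Walk the log once and collect the three kinds of findings."""
    findings = {"masquerade": [], "service": [], "trusted_zone": []}
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        # The process list ends at a blank line or the first Rx/Fx/Ox entry.
        if not line or ENTRY_RE.match(line):
            in_processes = False
        if in_processes:
            if is_masquerade(line):
                findings["masquerade"].append(line)
            continue
        m = O23_RE.match(line)
        if m and (m["owner"] == "Unknown owner" or is_masquerade(m["path"])):
            findings["service"].append((m["name"], m["path"]))
            continue
        m = O15_RE.match(line)
        if m:
            # Wildcard domains silently added to IE's Trusted Zone lower
            # security for those sites; every such entry is worth a look.
            findings["trusted_zone"].append(m["zone"])
    return findings


if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        for item in items:
            print(f"{kind}: {item}")
```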
Before I restart in safe mode: last time I did that, my whole screen was way out of resolution, like all zoomed in, and I could only see like half my desktop icons. After I restarted back into normal mode everything was back to normal. Any ideas before I go back to trying safe mode?
If you right-click on the desktop while in safe mode and then left-click "arrange icons by", you will see the option to click "auto arrange icons"; then all your icons will be visible/accessible while in safe mode etc.
You will have to reorganize them to how you like them in normal mode, but it is a small price to pay.
Sorry to butt in Trogan_1000, but am hoping it will help a little.
Ehhh my brother loves Everton "I was forced to put that in"
Shal
Well if you know anything about it.. I'm rank 12 marshal, tryin to grind rank 13 field marshal.. so I really need to play a lot lol. My character got hacked twice yesterday cause of this f'ing keylogger. I changed my wow pass on my laptop though and just copy and paste the pass on this computer, so I hope either a. I'm not keylogged anymore or b. keyloggers can't read what you copy and paste. Panda scan at 50% now
Should I stop the scan early so you can look at what it found tonight? It found the things within the first few minutes, doubt it will find anything else
I stopped at about 70%, I'll do a full scan overnight
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@2o7[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@dist.belnk[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.myaffiliateprogram[1].txt
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@drivecleaner[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@go[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@searchportal.information[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.drivecleaner[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@xiti[1].txt
Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\uninstaller.exe
btw that bkp is not the keylogger. That's actually a program/file I used a couple years ago to try and keylog my brother's computer and ****. But I'll run another full scan and let you know the results tomorrow morning I guess.
My virus protector just found configsys trojan and blocked it. When I googled it, it said to end task on smss.exe; I tried that and it says this is a critical process and cannot be ended.. will post a full Panda scan to follow
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@clickbank[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@doubleclick[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@statcounter[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.myaffiliateprogram[2].txt
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\Valued Customer\Desktop\AiM STuFF\i_bpk2003.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@drivecleaner[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@go[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@searchportal.information[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.drivecleaner[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@xiti[1].txt
Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\uninstaller.exe
Possible Virus. Not disinfected C:\WINDOWS\smss.exe
File: smss.exe
Status: INFECTED/MALWARE
MD5 baad156fad3c8ce4df33c308768c7b89
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.12755
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Those HijackThis entries are not going, and I'm not sure why.
Do this:
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan"
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
Your PC MUST reboot to delete the file!
Continue with the Panda scan please.
btw it's only like 20% done and already found 14 spyware and 1 hacking tool =(
Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed
____________
Do the above, and post a full Panda scan when you have it. I'm going now so I'll check back later.
Does and is for before I do it? would appreciate it =)
Logfile of HijackThis v1.99.1
Scan saved at 12:46:31 AM, on 10/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1102897905\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102897905\ee\AOLServiceHost.exe
c:\program files\common files\aol\1102897905\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102897905\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102897905\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [explorer]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\20061027221510_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\20061027221540_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou6sound.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou6sound.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134677080139
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161991097409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: win_spool2 - win_spool2.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
10/31/06 02:09:37 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/31/06 02:09:37 [Note]: 7019 4
10/31/06 02:09:37 [Note]: 7005 0
10/31/06 02:10:07 [Note]: 7006 0
10/31/06 02:10:07 [Note]: 7011 1944
10/31/06 02:10:08 [Note]: 7026 0
10/31/06 02:10:08 [Note]: 7026 0
10/31/06 02:10:30 [Note]: FSRAW library version 1.7.1020
10/31/06 10:29:34 [Note]: 7007 0
AVG Anti-Spyware - Scan Report
+ Created at: 10:30:59 AM 10/31/2006
+ Scan result:
C:\Documents and Settings\Valued Customer\Cookies\valued customer@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@e-2dj6whkielazmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@e-2dj6wjkowmajgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Valued Customer\Cookies\valued customer@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP417\A0090294.exe -> Trojan.Lineage.ajf : Cleaned with backup (quarantined).
::Report end