
virus, am i now clean

Discussion in 'Malware and Virus Removal Archive' started by carljohnson, 2008/01/26.

  1. 2008/01/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, let's try this.

    Go here.
    http://www.kellys-korner-xp.com/xp_tweaks.htm

    Scroll down to # 278 on the left hand side "Restore/Enable System Restore."
    Right click the REG File and select Save as or Save Target as, save it to your hard disk. C:\
    Go to C:\
    Double click the sysrestoreenable.reg file and answer yes to the import prompt.

    Reboot your computer.

    Now Click Start.
    Right-click the My Computer icon, and then click Properties.
    Click the System Restore tab.

    Make sure system restore is running and make a restore point.

    Let me know.

    Geri
     
  2. 2008/01/28
    carljohnson

    carljohnson Inactive Thread Starter

    Joined:
    2008/01/24
    Messages:
    22
    Likes Received:
    0
    hi

    no sorry Geri, same thing
     

  4. 2008/01/28
    Geri Lifetime Subscription

    Hi
    OK
    Please download this and post the Main txt log.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the "main.txt" log only for now.

    Thanks
    Geri
     
  5. 2008/01/28
    carljohnson

    main.txt

    Deckard's System Scanner v20071014.68
    Run by mark on 2008-01-29 03:09:15
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 90% (more than 75%).
    Total Physical Memory: 128 MiB (512 MiB recommended).


    -- HijackThis (run as mark.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:11:47, on 29/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\mark\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\mark.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195904539216
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5174/mcfscan.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 5672 bytes

    -- Files created between 2007-12-29 and 2008-01-29 -----------------------------

    2008-01-29 02:50:40 0 d-------- C:\WINDOWS\LastGood
    2008-01-29 00:54:55 0 d-------- C:\WINDOWS\Prefetch
    2008-01-28 03:52:50 2404 --a------ C:\sysrestoreenable.reg
    2008-01-28 00:27:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-28 00:27:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-28 00:27:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-28 00:27:33 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-01-28 00:27:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-28 00:27:33 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-01-28 00:27:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-28 00:27:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-01-28 00:27:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-28 00:27:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-01-28 00:27:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-28 00:27:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-01-28 00:27:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-28 00:27:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-27 19:35:18 0 d-------- C:\Program Files\ACW
    2008-01-27 16:26:12 0 d-------- C:\WINDOWS\system32\ActiveScan
    2008-01-27 05:56:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-27 05:56:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-26 20:57:24 1106 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-25 12:34:00 0 d-------- C:\Documents and Settings\mark\Application Data\WinPatrol
    2008-01-25 04:25:13 0 d-------- C:\Documents and Settings\LocalService\Desktop
    2008-01-25 04:25:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-01-25 04:23:19 0 d-------- C:\Program Files\SiteAdvisor
    2008-01-25 04:22:14 0 d-------- C:\Documents and Settings\mark\Application Data\SiteAdvisor
    2008-01-25 04:22:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-01-25 04:19:53 0 d-------- C:\Program Files\BillP Studios
    2008-01-25 04:16:01 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2008-01-25 04:15:43 0 d-------- C:\Program Files\SpywareBlaster
    2008-01-25 03:57:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-25 03:27:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-25 03:18:09 0 d-------- C:\ie-spyad_zo
    2008-01-25 02:22:08 0 d-------- C:\Documents and Settings\mark\Application Data\Comodo
    2008-01-25 02:21:58 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-01-25 02:21:49 0 d-------- C:\Program Files\COMODO
    2008-01-25 00:08:34 0 d-------- C:\Program Files\Trend Micro
    2008-01-24 00:54:00 0 d-------- C:\temp
    2008-01-24 00:52:04 0 d-------- C:\Program Files\hoonnet
    2008-01-23 17:08:32 0 d-------- C:\Documents and Settings\mark\Application Data\Adobe
    2008-01-23 16:32:12 0 d-------- C:\Documents and Settings\mark\Application Data\Musicmatch
    2008-01-23 16:32:11 0 d-------- C:\Program Files\Musicmatch


    -- Find3M Report ---------------------------------------------------------------

    2008-01-29 01:46:49 0 dr------- C:\Program Files\Common Files
    2008-01-29 00:31:08 0 d--h----- C:\Program Files\WindowsUpdate
    2008-01-29 00:28:52 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-01-27 18:11:01 0 dr------- C:\Program Files\Messenger
    2008-01-26 16:46:37 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-01-24 00:51:54 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-23 01:41:10 0 d-------- C:\Program Files\Microsoft Games
    2007-12-02 12:17:11 0 d-------- C:\Program Files\Camtech
    2007-12-02 07:12:31 0 d-------- C:\Program Files\Microsoft Silverlight
    2007-11-30 04:58:13 0 d-------- C:\Program Files\Alwil Software
    2007-11-29 23:39:38 0 d-------- C:\Program Files\MSXML 4.0
    2007-11-29 15:57:16 0 d-------- C:\Program Files\Free Easy Burner
    2007-11-29 15:34:14 0 d-------- C:\Program Files\Common Files\SWF Studio
    2007-11-29 15:28:52 0 d-------- C:\Program Files\Free Audio Pack
    2007-11-29 14:42:10 0 d-------- C:\Program Files\MP3 Remix
    2007-11-29 13:38:44 0 d-------- C:\Documents and Settings\mark\Application Data\McAfee
    2007-11-25 03:23:52 115712 --a------ C:\Program Files\Microsoft Windows Onecare Live <Not Verified; Microsoft Corp.; Microsoft® CoReXT>
    2007-11-22 15:38:56 62 --ahs---- C:\Documents and Settings\mark\Application Data\desktop.ini
    2007-10-31 12:09:24 0 --a------ C:\CONFIG.SYS
    2007-10-31 12:09:24 263 --a------ C:\AUTOEXEC.BAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/2003 17:16]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [26/10/2007 16:06]
    "SiteAdvisor "= "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [04/12/2007 21:03]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [25/01/2008 02:21]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 13:00]
    "AtiPTA "= "atiptaxx.exe" [26/09/2001 22:39 C:\WINDOWS\SYSTEM32\atiptaxx.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSaveSettings "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background

    *Newly Created Service* - BITS



    -- End of Deckard's System Scanner: finished at 2008-01-29 03:20:48 ------------
     
  6. 2008/01/28
    carljohnson

    system restore point

    managed to a system restore
     
  7. 2008/01/28
    carljohnson

    sorry

    meant to say created system restore point
     
  8. 2008/01/28
    Geri Lifetime Subscription

    Hi
    Just to verify.

    System restore is up and running?

    Just want to make sure while I go through the dss log.

    Geri
     
  9. 2008/01/28
    carljohnson

    hi

    it's still not on system properties tab

    but i can at least get to it now from control panel
     
  10. 2008/01/28
    Geri Lifetime Subscription

    Hi
    Let's look here.

    OK, go to your Control Panel
    Open User Accounts
    Click on Change an Account
    Click on Your Account
    Click on Change My account type
    Make sure Computer Administrator is selected. If not, select it. <<( Let me know)
    Click on Change Account Type.
    OK any prompts, if any.
    Close the window and reboot.

    Now see if you can see the Restore tab.

    Geri
     
  11. 2008/01/29
    carljohnson

    hi

    user was set to Computer Administrator
    tried reboot still nothing
    but at least the virus is gone :rolleyes:
    small price
     
  12. 2008/01/29
    Geri Lifetime Subscription

    Hi
    I haven't given up yet. ;)

    I'll get back to you.

    Geri
     
  13. 2008/01/29
    Geri Lifetime Subscription

    Hi carljohnson

    Are you using XP Home or XP Pro?

    Thanks
    Geri
     
  14. 2008/01/30
    carljohnson

    hi sorry i've been away

    but good news my tab is back,
    everything working great Cheers Geri
    i know it wasn't the best thing to do but there wasn't much on my computer anyway, i'm waiting for my new hard drive to come in the post,
    so i never really installed much.

    i deleted the partition, formatted my drive to ntfs and reinstalled xp
    i hadn't realised how slow my machine had got until now. now i click on an icon and "IT OPEN STRAIGHT AWAY" how good's that
    i'm reinstalling all my av and such like so that i keep safe but.

    the missing tab thingie i've been reading a lot some say it could be caused by viruses some say lavasoft ad_aware.

    i don't want to install lavasoft ad_aware if it's going to happen again.


    what do you think?
    is Avast + spybot S&D enough?

    once again thanks for all your time and effort
    i'll give you a break from me, i think i'll post some questions in a different thread
     
  15. 2008/01/30
    Geri Lifetime Subscription

    Hi carljohnson
    OK, That's good.

    I haven't seen that about Ad-Aware, but it could be?

    Here are some recommendations. Ad-Aware is good, but you don't have to have it.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    You're welcome, that's why I come here. :)

    Good luck with that new HD, if you need help, our people over in the hardware section are great.

    Surf Safely
    Geri
     
  16. 2008/01/30
    carljohnson

    cheers i've just been posting
    not very happy we've got storms here
    wrote a really big essay, just before posting power went off :mad:
    not a happy bunny

    i'll always follow what you say
    you say that i should have two (spybot & ad-aware)
    it's just with that tab thing it was a bit annoying
    don't want to go down that road again


    but apart from that thank you are a star for helping :)
     
