
Ran first part of spyware as told, now have a log to look at



#1 jkueter24 (Member, 16 posts)
I ran all of the stuff that was on this website for the malware removal. Here is the log for my ActiveScan:


Incident Status Location

Adware:Adware/VirusBurst Not disinfected C:\WINDOWS\system32\gqagksr.dll
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][2].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@belnk[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@ccbill[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@doubleclick[1].txt
Spyware:Cookie/E-eliminator Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@evidence-eliminator[1].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@gangbangsquad[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@gostats[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@kinghost[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@outster[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@rightmedia[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@teensforcash[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@toplist[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@webpower[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][1].txt
Spyware:Cookie/Safetyhomepage Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][1].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Jared Kueter\Local Settings\Temporary Internet Files\Content.IE5\SHOXIVCL\safetyhomepage[1].htm
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@doubleclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@overture[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][1].txt
Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jesse Kueter\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jesse Kueter\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Jesse Kueter\Local Settings\Temporary Internet Files\Content.IE5\X7DN6BZ5\theuptodatesafety[1].htm
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@drivecleaner[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@hitbox[2].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@malwarewipe[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@serving-sys[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@winantivirus[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt
Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Sandy Kueter\Local Settings\Temporary Internet Files\Content.IE5\61PE3618\theuptodatesafety[1].htm
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Sandy Kueter\Local Settings\Temporary Internet Files\Content.IE5\PN7FPHWI\safetyhomepage[1].htm
Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\Travis Kueter\Cookies\travis [email protected][2].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Travis Kueter\Local Settings\Temporary Internet Files\Content.IE5\AHET8T0B\theuptodatesafety[1].htm
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@cgi-bin[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@fastclick[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@gammae[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@go[2].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@malwarewipe[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@rightmedia[2].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@sexlist[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@statcounter[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@teensforcash[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@toplist[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@webpower[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@winantivirus[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt
Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][2].txt
Potentially unwanted tool:Application/VirusBurst Not disinfected C:\Documents and Settings\Tyler Kueter\Local Settings\Temp\vb365.exe
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Tyler Kueter\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\theuptodatesafety[1].htm
Adware:Adware/PCodec Not disinfected C:\Program Files\VideosCodec\isauninst.exe
Adware:Adware/IntCodec Not disinfected C:\RECYCLER\S-1-5-21-914090876-3095290957-2122901767-1011\Dc45.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe



Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:02:42 AM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iowatelecom.net
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Can you help me remove everything that needs to be removed?

Thanks!!
  • 0
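The two logs above are the raw material a helper triages by hand: which scanner hits are still open, which user profile they sit in, and whether a flagged file also shows up at a HijackThis load point. As an added example (not part of this thread and not code from Panda, HijackThis or any other tool named here), the Python script below parses both formats and cross-references them. The sample lines are copied from the logs posted above; the interpretation of section O21 (SSODL, the ShellServiceObjectDelayLoad key) follows the AVG report later in the thread, and the "unqualified" flag on O4 entries that name a bare executable is this example's own heuristic.

```python
import re
from collections import Counter

# Constructed sample input: a few lines taken verbatim from the Panda ActiveScan
# report and the HijackThis v1.99.1 log posted in this thread.
ACTIVESCAN_LOG = r"""Adware:Adware/VirusBurst Not disinfected C:\WINDOWS\system32\gqagksr.dll
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@doubleclick[1].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Jesse Kueter\Local Settings\Temporary Internet Files\Content.IE5\X7DN6BZ5\theuptodatesafety[1].htm
Potentially unwanted tool:Application/VirusBurst Not disinfected C:\Documents and Settings\Tyler Kueter\Local Settings\Temp\vb365.exe
Adware:Adware/IntCodec Not disinfected C:\RECYCLER\S-1-5-21-914090876-3095290957-2122901767-1011\Dc45.exe
"""

HIJACKTHIS_LOG = r"""O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
"""

# ActiveScan line: "<kind>:<name> <status> <path>"; the kind and name may contain spaces.
ACTIVESCAN_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?) (?P<status>Not disinfected|Disinfected) (?P<path>.+)$"
)
# HijackThis line: "<section> - <detail>", e.g. "O21 - SSODL: ..."
HJT_RE = re.compile(r"^(?P<section>O\d+) - (?P<detail>.*)$")
# A fully qualified Windows path ending in a loadable/executable extension.
WINPATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*?\.(?:dll|exe|ocx|cpl)',
    re.IGNORECASE,
)
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def profile_of(path):
    """Return the user profile a path belongs to, or '(system)' for paths outside any profile."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else "(system)"


def parse_activescan(text):
    """Parse ActiveScan report lines into dicts with kind, name, status, path and profile."""
    items = []
    for line in text.splitlines():
        m = ACTIVESCAN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["profile"] = profile_of(d["path"])
            items.append(d)
    return items


def parse_hijackthis(text):
    """Parse HijackThis entries, extracting any full paths and two triage flags."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        detail = m.group("detail")
        paths = WINPATH_RE.findall(detail)
        entries.append({
            "section": m.group("section"),
            "detail": detail,
            "paths": paths,
            "file_missing": "(file missing)" in detail,
            # Heuristic (this example's own): an O4 Run entry naming a bare executable is
            # resolved through the search path at logon, so it deserves a second look.
            "unqualified": m.group("section") == "O4" and not paths,
        })
    return entries


def summarize(scan_items):
    """Counts by detection kind and by user profile, plus the number of still-open hits."""
    return {
        "by_kind": dict(Counter(i["kind"] for i in scan_items)),
        "by_profile": dict(Counter(i["profile"] for i in scan_items)),
        "open": sum(1 for i in scan_items if i["status"] == "Not disinfected"),
    }


def cross_reference(scan_items, hjt_entries):
    """Map each scanner-flagged path that also appears at a HijackThis load point to its section."""
    flagged = {i["path"].lower() for i in scan_items}
    hits = {}
    for e in hjt_entries:
        for p in e["paths"]:
            if p.lower() in flagged:
                hits[p.lower()] = e["section"]
    return hits


if __name__ == "__main__":
    scan = parse_activescan(ACTIVESCAN_LOG)
    hjt = parse_hijackthis(HIJACKTHIS_LOG)
    print("summary:", summarize(scan))
    for path, section in cross_reference(scan, hjt).items():
        print(f"flagged file also loaded via {section}: {path}")
    for e in hjt:
        if e["file_missing"] or e["unqualified"]:
            print(f"review {e['section']}: {e['detail']}")
```

Running it against the thread's logs singles out gqagksr.dll, which ActiveScan left "Not disinfected" and which HijackThis shows loading at every logon through the O21 SSODL entry named "hydrodictyon"; that is exactly the pairing the SmitfraudFix and AVG reports later in the thread confirm and clean.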



#2 MFDnSC (Banned, 1,137 posts)
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

===============

Add remove programs - remove stop sign

========================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the setup program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HijackThis log.
  • 0

#3 jkueter24 (Topic Starter, Member, 16 posts)
Here is what I got on my 2 reports.

SmitFraudFix v2.81

Scan done at 15:49:22.26, Fri 11/03/2006
Run from C:\Documents and Settings\Jesse Kueter\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End



#######################################################


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:13:33 PM 11/3/2006

+ Scan result:



HKU\S-1-5-21-914090876-3095290957-2122901767-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-914090876-3095290957-2122901767-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1AC752E-883F-4ED8-8828-B618C3A72152} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706} -> Adware.VirusBurst : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hydrodictyon -> Adware.VirusBurst : Cleaned with backup (quarantined).
C:\Documents and Settings\Tyler Kueter\Local Settings\Temporary Internet Files\Content.IE5\8HWJ8303\zpopup[2].cgi -> Not-A-Virus.Exploit.HTML.UrlSpoof.a : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\gqagksr.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
[776] C:\WINDOWS\system32\gqagksr.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\Program Files\VideosCodec\isauninst.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP862\A0061990.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP862\A0061991.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned with backup (quarantined).
C:\Documents and Settings\Tyler Kueter\Local Settings\Temp\laf364.tmp -> Not-A-Virus.Hoax.Win32.Renos.ft : Cleaned with backup (quarantined).
C:\Documents and Settings\Jared Kueter\Cookies\jared [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Jared Kueter\Cookies\jared kueter@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy kueter@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Tyler Kueter\Cookies\tyler kueter@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sandy Kueter\Cookies\sandy [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jesse Kueter\Cookies\jesse kueter@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe -> Trojan.Delf.nl : Cleaned with backup (quarantined).


::Report end



Thanks!
  • 0

#4 MFDnSC (Banned, 1,137 posts)
Need a new HijackThis log.

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.
  • 0

#5 jkueter24 (Topic Starter, Member, 16 posts)
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:29:07 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Netropa\OSD.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iowatelecom.net
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Sandy Kueter\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks
  • 0
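The HijackThis log above is reviewed by hand in this thread. As an added example (editor's code, not HijackThis, Geeks to Go or any poster's), here is a small parser for the O2/O4/O20/O23 line formats that appear in that log, with a few review heuristics chosen for this illustration: a BHO that reports "(no name)", an entry whose file is marked "(file missing)", an O4 Run value that is a bare filename resolved through PATH rather than a full path, a Winlogon Notify DLL, and a service with "Unknown owner". The sample lines are copied from the log posted above; the flag names and the `Entry` type are this example's own. A flag means "look at this entry", not "delete it": several of these lines in the posted log are legitimate software.

```python
import re
from dataclasses import dataclass, field

# Sample HijackThis v1.99.1 lines, copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""


@dataclass
class Entry:
    """One HijackThis log entry plus the review flags raised on it (example type)."""
    section: str
    raw: str
    flags: list = field(default_factory=list)


# Every HijackThis entry starts with its section code, e.g. "O4 - ".
HEADER_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 registry Run entries: HKLM\..\Run: [ValueName] command line
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_entry(line: str):
    """Parse one log line into an Entry, or return None for non-entry lines."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = Entry(section=section, raw=line.strip())

    # HijackThis appends this marker when the referenced file no longer exists.
    if "(file missing)" in body:
        entry.flags.append("referenced file missing")

    if section == "O2" and body.startswith("BHO: "):
        # O2 - BHO: <name> - {CLSID} - <path>
        name = body[len("BHO: "):].split(" - ", 1)[0]
        if name == "(no name)":
            entry.flags.append("BHO with no name")
    elif section == "O4":
        m4 = O4_RUN_RE.match(body)
        if m4:
            command = m4.group(3).strip().strip('"')
            # No backslash means the executable is found via PATH, not an explicit location.
            if "\\" not in command:
                entry.flags.append("bare filename resolved via PATH")
    elif section == "O20" and body.startswith("Winlogon Notify:"):
        # Notify DLLs are loaded by winlogon.exe at logon, so they always merit a look.
        entry.flags.append("Winlogon Notify DLL (loaded at logon)")
    elif section == "O23" and body.startswith("Service: "):
        # O23 - Service: <display name> - <publisher> - <path>
        parts = body[len("Service: "):].split(" - ")
        if len(parts) >= 3 and parts[-2] == "Unknown owner":
            entry.flags.append("service with no publisher")
    return entry


def review(log_text: str):
    """Return only the entries that carry at least one review flag, in log order."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section}: {', '.join(e.flags)}\n    {e.raw}")
```

Running it over the sample prints five entries: the unnamed StopSign BHO, the missing AIM Helper DLL, the bare `dslagent.exe` Run value, the NavLogon notify DLL and the Nhksrv service with no publisher. The Adobe BHO, the Symantec tray entry and DefWatch pass without flags.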

#6
MFDnSC
  • Banned
  • 1,137 posts
Clean

Restore points
Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam
  • 0
