Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware ugh!


  • This topic is locked This topic is locked

#1
anazopyreo

anazopyreo

    Member

  • Member
  • PipPipPip
  • 130 posts
I seem to have downloaded a virus or spyware that won't go away. I have followed all the steps you want so here are all the logs.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:07:28 PM 7/28/2006

+ Scan result:



C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.392:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.393:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.394:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.395:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.396:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.605:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.340:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.342:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.343:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.306:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.307:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.308:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.152:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.153:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.408:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.661:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.46:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.49:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.50:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.301:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.302:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.303:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.58:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.59:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.226:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.487:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.488:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.641:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.642:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.643:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.644:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.645:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.646:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.647:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.648:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.384:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.385:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.386:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.387:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.388:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.154:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.158:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.160:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.163:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.168:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.169:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.172:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.173:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.174:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.578:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.579:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.580:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.581:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.582:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.583:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.584:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.585:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.586:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.587:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.380:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.381:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.382:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.508:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.511:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.614:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.21:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.164:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.165:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.166:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.167:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.168:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.169:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.170:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.171:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.172:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.317:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.318:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.321:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/instafinder Not disinfected Windows Registry
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.atwola.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.webpower.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.c2.gostats.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.did-it.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.gostats.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\v1jt2sml.default\cookies.txt[.atwola.com/]
Adware:Adware/VirusBurst Not disinfected C:\Documents and Settings\HP_Administrator\Local Settings\Temp\laf37.tmp
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Netscape\Netscape Browser\plugins\NPNd2fn.dll
Logfile of HijackThis v1.99.1
Scan saved at 4:21:29 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GhostSurf 2005\DeleteSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iVideoCodec\isamonitor.exe
C:\Program Files\iVideoCodec\pmsngr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\iVideoCodec\isamini.exe
C:\Program Files\iVideoCodec\pmmon.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://surf.webbizin...e.asp?UID=38680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo....sp?u=1210336015
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Schnak rocks!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\iVideoCodec\isaddon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\HP_Administrator\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NewsletterReader] C:\Program Files\Newsletter Reader\newstray.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Organize Quick & Easy 5.0] C:\Program Files\Organize Quick & Easy 5.0\AtDem.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe
  • 0

Advertisements


#2
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
I figured out the virus I have is called Pest Stop. (I hate the anti-virus ones the most). I tried going through the steps that one staffer put up but it didn't work. I'll try again in cse I skipped a step or something.
  • 0

#3
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
I'm certain I didn't miss anything, here are my latest scan logs.

Logfile of HijackThis v1.99.1
Scan saved at 9:40:45 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GhostSurf 2005\DeleteSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iVideoCodec\pmsngr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Computer Security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://surf.webbizin...e.asp?UID=38680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.us.musi...cast/member.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Schnak rocks!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\HP_Administrator\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NewsletterReader] C:\Program Files\Newsletter Reader\newstray.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Organize Quick & Easy 5.0] C:\Program Files\Organize Quick & Easy 5.0\AtDem.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe


Incident

Status Location









Potentially unwanted tool:application/bestoffer

Not disinfected c:\windows\smdat32m.sys








Potentially unwanted tool:application/need2find

Not disinfected c:\program files\Need2Find








Potentially unwanted tool:application/altnet

Not disinfected

hkey_local_machine\software\microsoft\windows\currentversion\app

management\arpcache\AltnetDM




Adware:adware/instafinder

Not disinfected Windows Registry








Spyware:Cookie/Systemdoctor

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[www.syste

mdoctor.com/]


Spyware:Cookie/Maxserving

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.maxservi

ng.com/]


Spyware:Cookie/RealMedia

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.realmedi

a.com/]


Spyware:Cookie/adultfriendfinder

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.adultfri

endfinder.com/]


Spyware:Cookie/Toplist

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.toplist.

cz/]


Spyware:Cookie/Apmebf

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.apmebf.c

om/]


Spyware:Cookie/Searchportal

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[searchpor

tal.information.com/]


Spyware:Cookie/Atwola

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.atwola.c

om/]


Spyware:Cookie/WebPower

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.webpower

.com/]


Spyware:Cookie/DomainSponsor

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[landing.d

omainsponsor.com/]


Spyware:Cookie/Hbmediapro

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.adopt.hb

mediapro.com/]


Spyware:Cookie/bravenetA

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.bravenet

.com/]


Spyware:Cookie/GoStats

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.c2.gosta

ts.com/]


Spyware:Cookie/did-it

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.did-it.c

om/]


Spyware:Cookie/FortuneCity

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.fortunec

ity.com/]


Spyware:Cookie/GoStats

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt[.gostats.

com/]


Spyware:Cookie/RealMedia

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt[.realm

edia.com/]


Spyware:Cookie/Atwola

Not disinfected C:\Documents and

Settings\HP_Administrator\Application

Data\Netscape\NSB\Profiles\v1jt2sml.default\cookies.txt[.atwola.com/

]


Spyware:Cookie/Malwarewipe

Not disinfected C:\Documents and

Settings\HP_Administrator\Cookies\[email protected][1].tx

t




Spyware:Cookie/Winantivirus

Not disinfected C:\Documents and

Settings\HP_Administrator\Cookies\[email protected][1].t

xt




Spyware:Cookie/Systemdoctor

Not disinfected C:\Documents and

Settings\HP_Administrator\Cookies\[email protected][

1].txt




Potentially unwanted tool:Application/Processor

Not disinfected C:\Documents and

Settings\HP_Administrator\Desktop\Latest Virus

Stuff\smitRem\Process.exe




Potentially unwanted tool:Application/KillApp.B

Not disinfected C:\hp\bin\KillIt.exe








Possible Virus.

Not disinfected C:\Program

Files\iVideoCodec\__delete_on_reboot__p_m_m_o_n_._e_x_e_






Potentially unwanted tool:Application/Need2Find

Not disinfected C:\Program Files\Mozilla

Firefox\plugins\NPNd2fn.dll






Potentially unwanted tool:Application/Need2Find

Not disinfected C:\Program

Files\Need2Find\bar\1.bin\N2PLUGIN.DLL






Potentially unwanted tool:Application/Need2Find

Not disinfected C:\Program

Files\Need2Find\bar\1.bin\ND2FNBAR.DLL






Potentially unwanted tool:Application/Need2Find

Not disinfected C:\Program

Files\Need2Find\bar\1.bin\NPND2FN.DLL






Potentially unwanted tool:Application/Need2Find

Not disinfected C:\Program

Files\Netscape\Netscape Browser\plugins\NPNd2fn.dll






Adware:Adware/VirusBurst

Not disinfected

C:\WINDOWS\system32\rrtcany.dll






---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:43:40 PM 11/2/2006

+ Scan result:



C:\Program Files\iVideoCodec\pmmon.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j766639t.default\Cache\069CD5C0d01 -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end
  • 0

#4
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
It occurs to me that I should let you know that I manually removed a lot of programs i haven't been using. I'm just starting Geek U so I'm not sure if or how that will show up in any of the logs I've posted.
  • 0

#5
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Hello anazopyreo, my name is Justin and i will be helping you with your HiJackThis log today.

Please follow my instructions below

Step 1


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Step 2

Please remove the ewido anti-spyware and download the most current version.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step 3

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

  • 0

#6
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
OK, here is the info you asked for. FYI each virus scan is taking about 4 hours even in Safe Mode.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:36:33 PM 11/4/2006

+ Scan result:



C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-3701085934-2672138352-4035101681-1008\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Program Files\iVideoCodec\pmmon.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033891.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033906.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033922.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033957.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP278\A0034234.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP278\A0034269.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP278\A0034294.exe -> Downloader.Zlob.atz : Cleaned with backup (quarantined).
C:\Program Files\iVideoCodec\isaddon.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\Program Files\iVideoCodec\isamini.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\Program Files\iVideoCodec\isamonitor.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033890.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033892.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033905.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033907.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033921.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP277\A0033923.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.207:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.121:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.122:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.123:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.124:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.125:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.145:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.146:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.168:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.169:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.170:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.194:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.209:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.210:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.211:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.212:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.213:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.214:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.215:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.216:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.217:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.218:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookiesnew.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
ATI Control Panel
ATI Display Driver
Attune 2.3.2
AVG Anti-Spyware 7.5
Deluxe Wills and Trusts
Diablo II
DirectX Media Runtime 5.1
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EA AutoPatch
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
EULAlyzer v1.1
GdiplusUpgrade
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HyperLoad - Candystand Billiards
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
iTunes
iVideoCodec 3.0
J2SE Runtime Environment 5.0
KeyNote 1.6.5
LEFT BEHIND: Eternal Forces Beta Demo
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2005
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SAPI TTS 5.1 Engine
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (1.5.0.7)
Mozilla Thunderbird (1.5)
MSN Music Assistant
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
MySurvey Messenger
Need2Find Bar
NeroVision Express 3
Norton Security Center
Office 2003 Tour
OpenOffice.org 2.0
Otto
Panda ActiveScan
PC-Doctor 5 for Windows
PeerGuardian 2.0
Personal Ancestral File Companion 5.2
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2005
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TeamSpeak 2 RC2
Trillian
TV Commercials
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP (remove only)
Ventrilo Client
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
WinRAR archiver
World of Warcraft
  • 0

#7
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Please post another HiJackThis log.
  • 0

#8
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:21:06 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GhostSurf 2005\DeleteSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iVideoCodec\pmsngr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Computer Security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://surf.webbizin...e.asp?UID=38680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.us.musi...cast/member.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Schnak rocks!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\HP_Administrator\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NewsletterReader] C:\Program Files\Newsletter Reader\newstray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Organize Quick & Easy 5.0] C:\Program Files\Organize Quick & Easy 5.0\AtDem.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe
  • 0

#9
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htp


Also please post a HiJackThis also.

Edited by Burton1, 06 November 2006 - 03:09 PM.

  • 0

#10
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
Gratz on the promotion!
  • 0

Advertisements


#11
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
SmitFraudFix v2.119

Scan done at 15:06:00.20, Mon 11/06/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\rrtcany.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\iVideoCodec\ FOUND !
C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 3:06:58 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GhostSurf 2005\DeleteSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iVideoCodec\pmsngr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Computer Security\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://surf.webbizin...e.asp?UID=38680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.us.musi...cast/member.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Schnak rocks!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\HP_Administrator\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NewsletterReader] C:\Program Files\Newsletter Reader\newstray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Organize Quick & Easy 5.0] C:\Program Files\Organize Quick & Easy 5.0\AtDem.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe
  • 0

#12
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Step 1

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Download and update AVG Anti-Spyware.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • 2. Reboot your computer in Safe Mode.[list]
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
3. Run Smitfraud Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


4. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
5. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

6. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

7. Lauch Avg Anti-Spyware by double-clicking the icon on your desktop.
  • Note: IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
9. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

10. Please Post the following logs:
  • c:\rapport.txt
  • Avg log
  • A new HijackThis log

  • 0

#13
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
SmitFraudFix v2.119

Scan done at 17:00:03.85, Tue 11/07/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\rrtcany.dll Deleted
C:\Program Files\iVideoCodec\ Deleted
C:\Program Files\VirusBursters\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:14:17 PM 11/7/2006

+ Scan result:



C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP283\A0034988.DLL -> Adware.IESearch : Cleaned.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP283\A0034987.exe -> Downloader.Zlob.atz : Cleaned.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP283\A0034984.dll -> Downloader.Zlob.aue : Cleaned.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP283\A0034985.exe -> Downloader.Zlob.aue : Cleaned.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP283\A0034986.exe -> Downloader.Zlob.aue : Cleaned.
:mozilla.269:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.270:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.77:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.83:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.106:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.79:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.85:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.86:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.87:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.89:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.90:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.91:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.374:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.295:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.392:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.393:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.394:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.395:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.396:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.36:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.275:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.81:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.84:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.75:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j766639t.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:24:50 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GhostSurf 2005\DeleteSvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\Latest Virus Stuff\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Schnak rocks!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\HP_Administrator\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NewsletterReader] C:\Program Files\Newsletter Reader\newstray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Organize Quick & Easy 5.0] C:\Program Files\Organize Quick & Easy 5.0\AtDem.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe
  • 0

#14
Burton1

Burton1

    Member

  • Member
  • PipPipPip
  • 430 posts
Step 1

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step 2


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Step 3

Please post a new HijackThis log along with the Panda and Kaspersky logs.
  • 0

#15
anazopyreo

anazopyreo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts
I'm not done yet? O.o
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP