Smitfraud.c Virus. *puppydog eyes* [resolved]



#16
Riotamas

Riotamas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
A couple complications.

1. HijackThis couldn't find

HKCU\..\Run: [windowsFY] c:\bsw.exe

Though bsw.exe still exists on my C drive
It also couldn't find

Trusted Zone: *.skoobidoo.com (HKLM)


and 2.

When I tried to delete

c:\documents and settings\the matrix has you!\

I get a message that says

"Cannot Delete LFVRT1KE: Access is denied
Make sure the disk is not write-protected and that the file is not currently in use"

Everything else went smoothly, but I'm stuck on this step because The Matrix Has You won't delete.
  • 0



#17
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Try removing it in safe mode.
  • 0

#18
Riotamas

Riotamas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I was in safe mode the first time I tried to remove it, but just to be sure I tried again.
This time I get the same message. But now instead of "Cannot delete LFVRT1KE"
It just says "Cannot delete My Documents"

I'm about ready to name my computer "Murphy's Law" :tazz:
  • 0

#19
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Sounds like your nephew has his own user account on your computer.

Please check this. If he has his own account, you should be logged in as an administrator to be able to delete the content of one of his folders.
  • 0

#20
Riotamas

Riotamas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
There are three user accounts on the computer, all have administrator status.
I've tried...

Deleting it from my user account in normal mode.

Deleting it from the default "Administrator" account in safe mode

Changing my nephew's account from Administrator to Limited and deleting it from both my account in normal mode and from the default administrator account in safe mode.

Signing on to my nephew's account and deleting it from there. Brings up a message that says "The Matrix Has you is a windows system Folder and is required for windows to Run properly. It cannot be deleted"

It won't die! :tazz:

I seem to be able to delete the files inside of it, just not the folder itself.

My nephew says he has no problem deleting his whole account if it will help.
  • 0

#21
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
We only need to get rid of the file that is in your HijackThis log.

Did you run the Ewido scan? Post me that log and a fresh log using HijackThis.
Let's start over.
  • 0

#22
Riotamas

Riotamas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ewido never gives me the option to save a report. The scan gets to 99.7% and then the whole program closes.
Should I type out everything that's in the quarantine list?
  • 0

#23
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
No thanks, try to rerun the scanner (I had to do it three times once, don't know why..)
  • 0

#24
Riotamas

Riotamas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok, after 7 tries it finally let me save the report.

Here's the Ewido report and then the new HijackThis log.



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:34:35 PM, 5/9/2005
+ Report-Checksum: D6E4681C

+ Date of database: 5/9/2005
+ Version of scan engine: v3.0

+ Duration: 85 min
+ Scanned Files: 92847
+ Speed: 18.10 Files/Second
+ Infected files: 13
+ Removed files: 13
+ Files put in quarantine: 13
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.ExactSearchBar -> Cleaned with backup
C:\WINDOWS\SYSTEM32\kbwqyg.dat -> TrojanDownloader.Qoologic.e -> Cleaned with backup
C:\WINDOWS\SYSTEM32\mscjjn.dll -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\SYSTEM32\mshelper.dll -> Trojan.Trilon.b -> Cleaned with backup
C:\WINDOWS\SYSTEM32\msnimk.gif -> Spyware.Ipend -> Cleaned with backup
C:\WINDOWS\SYSTEM32\nоpdb.exe -> Spyware.PurityScan.bj -> Cleaned with backup
C:\WINDOWS\SYSTEM32\ole32vbs.exe -> Trojan.Favadd.v -> Cleaned with backup
C:\WINDOWS\SYSTEM32\shnlog.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\SYSTEM32\SWRT01.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\SYSTEM32\VT04.exe -> TrojanDownloader.Small.vl -> Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__intmon.exe -> Trojan.Puper.a -> Cleaned with backup
C:\WINDOWS\Temp\~412675.tmp -> Spyware.Wintol.l -> Cleaned with backup


::Report End

---------------------------------------------
---------------------------------------------
---------------------------------------------




Logfile of HijackThis v1.99.1
Scan saved at 1:42:15 PM, on 5/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\COMMON~1\AOL\107257~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\107257~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hpD85E.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...77/mcinsctl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0032.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#25
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you please send this file:
C:\WINDOWS\System32\hpD85E.tmp
(zipped if you can)
to this address:
pieter AT wilderssecurity DOT org [change the AT to @ and the DOT to a dot]

I will prepare advice for you.

Edited by g2i2r4, 09 May 2005 - 04:09 PM.

  • 0



#26
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\PROGRAM FILES\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\System32\hpD85E.tmp


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/

O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hpD85E.tmp

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0002.exe

O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0032.exe

Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download CleanUp!.
If that doesn’t work, use this link.
Find and double-click the file cleanup.
Go to option
Select ‘custom’
Put a check to:
* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'
Once it's done, log off and log on again. This will remove files that were in use during the scan.

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0
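
One way to verify the "FIX CHECKED" step of the procedure above against a later HijackThis log, as an added example (not part of the original post and not HijackThis's own code). The function names are hypothetical, and the sample lines are a small excerpt copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O4", "O16"
    body: str     # everything after "<section> - "


# A log entry line looks like "O4 - HKLM\..\Run: [Name] path".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_log(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def normalize(entry: Entry) -> Tuple[str, str]:
    """Comparison key: Windows paths and registry names are case-insensitive,
    and copy/paste from a forum can change the spacing."""
    return (entry.section, " ".join(entry.body.split()).casefold())


def check_fix(fix_list: str, later_log: str) -> Tuple[List[Entry], List[Entry]]:
    """Split the entries that were marked for fixing into (gone, remaining)
    according to whether they still appear in a later log."""
    later = {normalize(e) for e in parse_log(later_log)}
    gone, remaining = [], []
    for e in parse_log(fix_list):
        (remaining if normalize(e) in later else gone).append(e)
    return gone, remaining


# Excerpt of the entries the helper asked to fix (copied from the post above).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hpD85E.tmp
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Excerpt of the follow-up log posted later in the thread.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
"""

if __name__ == "__main__":
    gone, remaining = check_fix(FIX_LIST, LATER_LOG)
    for e in gone:
        print("removed :", e.section, "-", e.body)
    for e in remaining:
        print("STILL IN:", e.section, "-", e.body)
```

On this excerpt the MCUpdateExe Run entry is reported as still present: the later log lists it with a lower-case drive letter, which a plain string comparison would have missed. The other "(no name)" O9 button is not confused with the one marked for fixing because the whole entry, CLSID included, is compared.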

#27
Riotamas

Riotamas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here's a new Hijackthis log and the activescan log.

Note: After following the directions given, my desktop screen went from plain black to plain blue, and when I log on to my desktop it tells me that part of McAfee is missing and to reinstall it.


Logfile of HijackThis v1.99.1
Scan saved at 7:25:10 PM, on 5/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\lexpps.exe
C:\PROGRA~1\COMMON~1\AOL\107257~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\107257~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...77/mcinsctl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-------------------------
-------------------------
-------------------------





Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\GatorPatch.log
Adware:Adware/nCase No disinfected C:\WINDOWS\System32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\WINDOWS\System32\drivers\etc\hosts.bho
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/PowerScan No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\System32\SHAgentNew.dll
Adware:Adware/CWS No disinfected Windows Registry
Adware:Adware/Xupiter No disinfected C:\Program Files\Xupiter
Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\System32\services
Adware:Adware/AdDestroyer No disinfected Windows Registry
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\System32\InnerVBInstall.log
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\TOM\Application Data\Lycos
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINDOWS\System32\newmsrdk
Adware:Adware/Comet No disinfected C:\WINDOWS\Downloaded Program Files\cc.inf
Adware:Adware/IEPlugin No disinfected C:\WINDOWS\rgrt.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/WildTangent No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Media Pass
Adware:Adware/MoeMoney No disinfected Windows Registry
Adware:Adware/E2Give No disinfected C:\Program Files\E2G
Adware:Adware/PowerSearch No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\TOM\Favorites\online dating.url
Spyware:Spyware/Clipgenie No disinfected C:\WINDOWS\clipg.exe
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\System32\kyf.dat
Adware:Adware/ESyndicate No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\LastGood\INF\ceres.inf
Virus:Trj/Spabot.E Disinfected Operating system
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\System32\P2P Networking
Adware:Adware/BlueScreenWarning No disinfected Windows Registry
Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
Adware:Adware/Virmaid No disinfected Windows Registry
Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Start Menu\Online Casino.url
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\TOM\Application Data\tvmknwrd.dll
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\TOM\Desktop\hpD85E.zip[hpD85E.tmp]
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Anti Spam.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Black Jack Online.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Fun & Games\Betting.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Fun & Games\Casino Palace.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Fun & Games\Casino.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Fun & Games\Games.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Fun & Games\Horoscope.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Going Places\Air Tickets.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Going Places\Car Rentals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Going Places\Hotel Deals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Going Places\Luggage.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Going Places\Travel.lnk
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Home Loan.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Living\Dating.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Living\Find a Degree.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Living\Find a job.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Living\Home.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Living\Insurance.lnk
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Network Security.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\TOM\Favorites\Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Online Pharmacy.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Auctions.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Books.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Computers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Discount.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Flowers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Golf.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Jewelry.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Movies.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Music.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Online Store.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Perfume.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Sleepwear.lnk
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Spyware Removal.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Technology\Adware Remover.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Technology\Anti-Virus.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Technology\PC Cleaner.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Technology\Tech & gadgets.lnk
Adware:Adware/Gator No disinfected C:\GatorPatch.log
Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16538515.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16538671.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16540984.asw
Adware:Adware/SAHAgent No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16541140.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16555328.asw
Spyware:Spyware/TVMedia No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16556156.asw
Spyware:Spyware/TVMedia No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16556250.asw
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16558375.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559578.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559625.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559703.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559796.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559843.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559890.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559953.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560000.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560046.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560187.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560265.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560328.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560390.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560484.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560531.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560593.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560703.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16560765.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561046.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561093.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561140.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561218.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561265.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561312.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561421.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561484.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561593.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561656.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561718.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16561890.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562109.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562171.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562218.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562296.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562359.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562437.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562500.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562578.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562687.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562828.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16562968.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563140.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563359.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563484.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563562.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563625.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563671.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563750.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563796.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563843.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563921.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16563984.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564031.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564109.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564156.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564203.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564265.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564328.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564375.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564437.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564500.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564562.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564625.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564671.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564750.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564812.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16564875.asw
  • 0

#28
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you please send this file:
C:\WINDOWS\system32\hhk.dll
(zipped if you can)
to this address:
pieter AT wilderssecurity DOT org [change the AT to @ and the DOT to a dot]


Please clean up your favorites in this folder:
C:\Documents and Settings\TOM\Favorites\


You can remove the backups for AOL Spyware Protection from within that program.

I'll check back tonight (I'm at work now).
  • 0
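A scan log of this size is easier to act on once the detections are grouped by where they live, which is how the reply above separates Favorites shortcuts and AOL Spyware Protection backups from the remaining items. The following is an added example, not part of any post in this thread; the bucket names and the `triage` helper are this example's own assumptions, and the sample is an excerpt of the log above plus one constructed non-detection line.

```python
import re
from collections import defaultdict

# Excerpt of the scan log above; the last line is constructed to show skipping.
SAMPLE_LOG = r"""
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\System32\P2P Networking
Adware:Adware/Virmaid No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\TOM\Application Data\tvmknwrd.dll
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\TOM\Desktop\hpD85E.zip[hpD85E.tmp]
Adware:Adware/CWS No disinfected C:\Documents and Settings\TOM\Favorites\Shop\Golf.lnk
Adware:Adware/Popuper No disinfected C:\Documents and Settings\TOM\Favorites\Home Loan.url
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559625.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\16559578.asw
-- end of report --
"""

# "<kind>:<kind>/<family> No disinfected <location>"; \s* tolerates a family
# name that was pasted fused to the status column.
LINE_RE = re.compile(
    r"^(?P<kind>\w+):\w+/(?P<family>\S+?)\s*No disinfected\s+(?P<where>.+)$")

def classify(where):
    """Bucket a detection by its location (bucket names are hypothetical)."""
    low = where.lower()
    if low == "windows registry":
        return "registry"
    if "\\aol spyware protection\\backup\\" in low:
        return "scanner-backup"      # copies kept by another scanner
    if low.endswith((".url", ".lnk")):
        return "shortcut"            # planted Favorites/Start Menu links
    if low.endswith("]") and "[" in low:
        return "archive-member"      # file inside a container, e.g. a zip
    return "file-or-folder"          # items that still need individual review

def triage(log_text):
    """Return ({bucket: [(family, location), ...]}, [unparsed lines])."""
    buckets, skipped = defaultdict(list), []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            buckets[classify(m["where"])].append((m["family"], m["where"]))
        else:
            skipped.append(line)
    return dict(buckets), skipped

if __name__ == "__main__":
    found, ignored = triage(SAMPLE_LOG)
    for bucket, items in sorted(found.items()):
        print(f"{bucket:15} {len(items):3}  {sorted({f for f, _ in items})}")
    print("unparsed:", ignored)
```

Run over the full log, the `file-or-folder` and `registry` buckets are the short list left after the shortcuts and scanner backups are dealt with in bulk.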

#29
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Nice log :tazz:

Download this tool:

http://securityrespo...er/FixGator.exe

and run it. Let me know what it says.

***

Each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (go to Start > Run, type C: and press Enter) and open the C:\Spywad folder. Double-click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

Then run hijackthis and remove the entries as directed.

You will need to do this step for every user account.

To reset your wallpaper, open Display Properties > Desktop Tab. Choose a Wallpaper and apply. Close Display Properties. To see the change, click on the desktop and press F5.
  • 0

#30
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Open HijackThis.
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'.
Close HijackThis.

Please post the list here in your reply.
  • 0
