Need Help Removing loadingwebsite.com [RESOLVED]


  • This topic is locked

#31
SergeantJack

    Member

  • Topic Starter
  • 24 posts
K, here's the new log:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Program Files\Finditnt

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 4481-C48B

Directory of C:\WINDOWS\System32

07/04/2005 12:48 PM <DIR> dllcache
02/05/2005 08:25 PM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 6,112,157,696 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 4481-C48B

Directory of C:\WINDOWS\System32

07/07/2005 06:35 AM <DIR> vidctrl
07/04/2005 12:48 PM <DIR> dllcache
02/05/2005 08:20 PM 488 logonui.exe.manifest
02/05/2005 08:20 PM 488 WindowsLogon.manifest
02/05/2005 08:19 PM 749 sapi.cpl.manifest
02/05/2005 08:19 PM 749 nwc.cpl.manifest
02/05/2005 08:19 PM 749 ncpa.cpl.manifest
02/05/2005 08:19 PM 749 cdplayer.exe.manifest
02/05/2005 08:19 PM 749 wuaucpl.cpl.manifest
7 File(s) 4,721 bytes
2 Dir(s) 6,112,157,696 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 4481-C48B

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 4481-C48B

Directory of C:\WINDOWS\System32


------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


------------- Locate.com Results -------------

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK
C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"



  • 0


#32
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok great!

Are you having any other problems?
  • 0

#33
SergeantJack

    Member

  • Topic Starter
  • 24 posts
Nope, no pop-ups or anything else. However, I do have "The ABI Network - A Division of Direct Revenue" in my installed programs list. I'm pretty sure that's scumware. Should I be worried about it?

Oh yeah, forgot to add: when I try to un-install it, it launches an Internet Explorer window, takes me to their site, tries to get me to go to www.mypctuneup.com and download their uninstaller. I just shut down the window when it pops up, but I'm worried this is going to cause me trouble in the future.

Edited by SergeantJack, 10 July 2005 - 05:36 PM.

  • 0

#34
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Yeah, they install their crap, then expect you to use their uninstaller so they can gather more information :tazz: (No it isn't anything to worry about, but I don't want it there anyway!)

We'll get rid of that, no problem!

Open HiJackThis.
Click "Open the Misc Tools Section"
Click "Open Uninstall Manager".
Look down the list for "ABI Network"
Click to highlight it.
Click the "Delete this entry" button

And that's it ;)
  • 0

#35
SergeantJack

    Member

  • Topic Starter
  • 24 posts
I think that did the trick.

Thanks a million. I'm sending you a donation through PayPal, albeit a small one. You've been a big help.
  • 0

#36
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That's very sweet of you to do, thank you! You're very welcome! I'm happy I could help ;)

Congratulations, your log is clean! Great job on the clean up :tazz:

I recommend checking the http://www.microsoft.com website periodically for critical updates to install.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Ewido Security Suite <= Protection against Trojans, Worms, Dialers, Hijackers, Spyware, and Keyloggers.

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.

  • 0
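The hosts-file blocking described in post #36, as an added example that is not part of the original thread: a Python script that parses hosts-file text, lists the names pointed at the local machine, and separately reports any name mapped to some other address, which is worth reviewing on a machine that has just been cleaned. The sample entries, hostnames and function names are constructed for illustration; it assumes the first mapping for a name wins and treats 0.0.0.0 and ::1 like 127.0.0.1.

```python
import ipaddress

# Constructed sample in hosts-file syntax; every hostname here is made up.
SAMPLE_HOSTS = """\
# blocklist-style entries (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
::1         localhost
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (address, hostname) for each well-formed mapping."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip lines with a malformed address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (blocked names, {name: address} for names sent elsewhere)."""
    first = {}
    for addr, name in parse_hosts(text):
        first.setdefault(name, addr)            # assumption: first mapping wins
    first.pop("localhost", None)                # the normal loopback entry
    blocked = {n for n, a in first.items()
               if a.is_loopback or a.is_unspecified}
    redirected = {n: str(a) for n, a in first.items() if n not in blocked}
    return blocked, redirected

def is_blocked(text, hostname):
    """Hosts entries match whole names only; there are no wildcards."""
    blocked, _ = audit_hosts(text)
    return hostname.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("review :", redirected)
```

Because matching is by exact name, blocking ads.example.com does not block cdn.ads.example.com; each hostname needs its own entry.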

#37
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





