Trevuren
Smithfraud (I think?) [RESOLVED]
#61
Posted 21 July 2005 - 12:09 PM
Trevuren
#62
Posted 22 July 2005 - 12:00 AM
#63
Posted 22 July 2005 - 12:34 AM
2. Download the .exe format of Cleanup by Steven Gould from HERE and SAVE it to your Desktop.
- On your Desktop, click on Cleanup40.exe
- Then, click RUN and place a checkmark beside "I Agree"
- Then click NEXT followed by START.
- A window will appear with many choices, keep all the defaults.
- Click OK
- Finally click "CleanUp"
Trevuren
#64
Posted 22 July 2005 - 12:59 AM
#65
Posted 22 July 2005 - 09:45 AM
1. UNINSTALL through ADD/REMOVE programs the .net framework program. It appears in your log as if you installed it twice. Just uninstall one please.
2. Please download the 30-day free trial of Kaspersky anti virus.
- Install the program.
- Run the definition update module.
3. UNINSTALL ALL of Norton/Symantec since it isn't working properly at this time. (You will reinstall later.) They will probably ask you if you want to keep parts of the program (Definitions/quarantine); answer "NO".
4. Run Kaspersky and let it remove everything it finds.
5. REBOOT your system.
6. Provide me with a fresh HJT log. (If these steps frighten you due to their complexity, don't be ashamed to ask a friend for help. Note: it will probably take a couple of hours to complete.)
Regards,
Trevuren
#66
Posted 23 July 2005 - 12:04 PM
Edited by Summer_24, 23 July 2005 - 12:15 PM.
#67
Posted 23 July 2005 - 12:16 PM
Your choice,
Trevuren
#68
Posted 23 July 2005 - 01:52 PM
Is it ok for me to run the virus scan now and if so, should I let it scan "my computer?" Thanks for your help.
#69
Posted 23 July 2005 - 01:57 PM
Trevuren
#70
Posted 23 July 2005 - 03:43 PM
I did not push either of these buttons, should I have?
Logfile of HijackThis v1.99.1
Scan saved at 4:39:45 PM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\SpyCatcher\DeleteSatellite.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\SpyCatcher\Protector.exe
D:\Program Files\SpyCatcher\Scheduler daemon.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121549626671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Edited by Summer_24, 23 July 2005 - 03:45 PM.
#71
Posted 23 July 2005 - 03:49 PM
What you did in refusing was the correct thing to do.
Trevuren
#72
Posted 23 July 2005 - 03:57 PM
Edited by Summer_24, 23 July 2005 - 03:58 PM.
#73
Posted 23 July 2005 - 04:16 PM
1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
- Download Ad-Aware SE Personal 1.06:
- Download Ad-Aware SE Personal 1.05.
- Save aawsepersonal.exe to a convenient location.
- Install Ad-Aware SE Personal 1.06:
- Double-click on aawsepersonal.exe to install the program.
- Follow the default settings for installation.
- After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
- Update Ad-Aware SE Personal 1.06:
- Double-click the Ad-Aware SE Personal icon on your desktop.
- Click "Check for updates now" then click "Connect".
- It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
- Configure Ad-Aware SE Personal 1.06:
- Click on the Gear button at the top of the window.
- Click "General" on the left hand side to display the General Settings box.
- Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
- "Automatically save logfile"
- "Automatically quarantine objects prior to removal"
- "Safe Mode (always request confirmation)"
- "Prompt to update outdated definitions" - change to 7 days from the default 14.
- Click "Scanning" on the left hand side to display the Scan Settings box.
- Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
- "Scan within archives"
- "Select drives & folders to scan" - select your hard drive(s).
- "Scan active processes"
- "Scan registry"
- "Deep-scan registry"
- "Scan my IE favorites for banned URLs"
- "Scan my Hosts file"
- Click "Advanced" on the left hand side to display the Advanced Settings box.
- Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
- "Move deleted files to Recycle Bin"
- "Include additional object information"
- "Include negligible objects information"
- "Include environment information"
- Click "Defaults" on the left hand side to display the Default Settings box.
- Make sure these items have your preferred settings in them.:
- "Default homepage"
- "Default searchpage"
- Click "Tweak" on the left hand side to display the Tweak Settings box.
- Click the + (plus) sign next to the Log Files section. This will expand the section.
- Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
- "Include basic Ad-Aware settings in log file"
- "Include additional Ad-Aware settings in log file"
- "Include reference summary in log file"
- "Include alternate data stream details in log file"
- Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
- Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
- "Unload recognized processes & modules during scan"
- "Scan registry for all users instead of current user only"
- "Obtain command line of scanned processes"
- Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
- Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
- "Always try to unload modules before deletion"
- "During removal, unload Explorer and IE if necessary"
- "Let Windows remove files in use at next reboot"
- "Delete quarantined objects after restoring"
- Once you are done with these settings, click "Proceed" to save them.
- This will take you back to the main screen.
- Run Ad-Aware SE Personal 1.06:
- Click the "Start" button.
- Uncheck the "Search for negligible risk entries" entry.
- Choose the "Use custom scanning options" scan mode.
- Click the "Next" button.
- Ad-Aware will begin to scan for malware residing on your computer.
- Allow the scan to finish.
- Right-click on any entry in the list and click "Select All" to select the whole list.
- Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
- Please download ewido security suite; it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will prompt you to update; click the OK button.
- The program will now go to the main screen
- On the left hand side of the main screen click update
- Click on Start
- The update will start and a progress bar will show the updates being installed.
- Once the updates are installed do the following:
- REBOOT into Safe Mode
- Run EWIDO
- Click on scanner
- Make sure the following boxes are checked before scanning:
- Binder
- Crypter
- Archives
- Click on Start Scan
- Let the program scan the machine
- While the scan is in progress you will be prompted to clean files, click OK
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report
- Save the report to your desktop
- Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Trevuren
#74
Posted 24 July 2005 - 01:01 AM
Scan saved at 1:54:22 AM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\SpyCatcher\DeleteSatellite.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\SpyCatcher\Protector.exe
D:\Program Files\SpyCatcher\Scheduler daemon.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121549626671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
After I rebooted, I wasn't able to add the Ewido report by using Add Reply, because I couldn't find that option. So I rebooted back into safe mode and found it on the desktop and copied it, booted back into normal mode and tried to paste it and nothing would paste. What did I do wrong, why won't it paste? (Also thought you should know that the file only saved to my safe mode desktop, not the normal desktop.)
Edited by Summer_24, 24 July 2005 - 01:15 AM.
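Helpers in threads like this compare the poster's successive HijackThis logs by eye. The script below is an added example (not from the thread, not from HijackThis or any other tool named here) that parses the HJT v1.99.1 line format as it appears above (a section code such as O4 or O16, a dash, a description, and an optional CLSID), diffs two logs, and applies two defender-side triage heuristics: an O2 BHO listed as "(no name)" and an O16 ActiveX download fetched over plain http. The sample logs are short excerpts copied from the 7/23 and 7/24 logs posted in this thread; `parse_hjt_log`, `diff_logs` and `review_flags` are names chosen for this example.

```python
"""Parse HijackThis v1.99.1 log excerpts and diff two of them.

Added example; the format rules are inferred from the log lines visible
in the thread, not from HijackThis documentation.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# A log entry looks like "O16 - DPF: {GUID} (Name) - http://..."; R0/R1 entries
# carry registry values instead.  The code is the letter plus one or two digits.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class HjtEntry:
    code: str   # section code, e.g. "O2", "O4", "O16", "O23"
    body: str   # everything after "Oxx - "
    guid: str   # CLSID if the entry carries one, else ""


def parse_hjt_log(text: str) -> Tuple[List[str], List[HjtEntry]]:
    """Return (running processes, parsed entries) from an HJT log body."""
    processes: List[str] = []
    entries: List[HjtEntry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True          # process list runs until the first entry
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            g = GUID_RE.search(m.group("body"))
            entries.append(HjtEntry(m.group("code"), m.group("body"),
                                    g.group(0) if g else ""))
        elif in_processes:
            processes.append(line)
    return processes, entries


def diff_logs(old: str, new: str) -> Dict[str, Set[str]]:
    """Report processes and entries that appeared or vanished between two logs."""
    old_p, old_e = parse_hjt_log(old)
    new_p, new_e = parse_hjt_log(new)
    old_lines = {f"{e.code} - {e.body}" for e in old_e}
    new_lines = {f"{e.code} - {e.body}" for e in new_e}
    return {
        "processes_added": set(new_p) - set(old_p),
        "processes_removed": set(old_p) - set(new_p),
        "entries_added": new_lines - old_lines,
        "entries_removed": old_lines - new_lines,
    }


def review_flags(entries: List[HjtEntry]) -> List[str]:
    """Two triage heuristics a helper applies by eye, made explicit."""
    flags: List[str] = []
    for e in entries:
        if e.code == "O2" and e.body.startswith("BHO: (no name)"):
            flags.append(f"unnamed BHO {e.guid}: identify the DLL before keeping it")
        if e.code == "O16" and "http://" in e.body:
            flags.append(f"O16 control fetched over plain http: {e.body}")
    return flags


# Constructed excerpts of the two logs posted in this thread (7/23 and 7/24).
LOG_0723 = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:39:45 PM, on 7/23/2005
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

LOG_0724 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:54:22 AM, on 7/24/2005
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

if __name__ == "__main__":
    for key, values in diff_logs(LOG_0723, LOG_0724).items():
        print(key, sorted(values))
    for flag in review_flags(parse_hjt_log(LOG_0724)[1]):
        print("FLAG:", flag)
```

Run against the two excerpts, the only difference is the Windows Update client (`wuauclt.exe`) running in the second log; the autorun and service entries are unchanged, which is the kind of "nothing new appeared" check a helper wants before moving to the next tool. The unnamed-BHO flag fires on Spybot's SDHelper.dll here, which is benign; the point of the flag is to force the identification step, not to condemn the entry.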
#75
Posted 24 July 2005 - 09:44 AM
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report
Save the report to your desktop
From my post. It was done in Safe Mode. I had also asked you for the report generated by Ad-Aware. Please read the instructions very carefully. These reports are crucial.
Trevuren
Edited by Trevuren, 24 July 2005 - 09:46 AM.