Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

antivirus-gold.com


  • This topic is locked This topic is locked

#1
tmcg

tmcg

    New Member

  • Member
  • Pip
  • 2 posts
I have been working in safe mode while working on viruses. Finally clean and went back to normal mode. Now backround of main screen is black whith a paragraph about how every website you ever visit is on your hard disk, click
below for removal. That sends you to a website to install "anti virus gold". the website is www.antivirus-gold.com/?wm=&swm=.

How to I get rid of this?

Edited by tmcg, 22 July 2005 - 02:09 PM.

  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome tmcg to Geeks to Go!

Please download the latest version of HiJack This. Click here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it. Follow the instructions below if you are unsure how to save it in a permanent folder:1.) Click on the link to download HiJackThis.exe.
2.) When it pulls up the box (for you to pick a location to save the file), click on the pulldown menu and select "[C:]".
3.) Click on the button to "create new folder" and name the folder HiJackThis
4.) Double click on the folder you just made (to go into the folder) and click "save" on the bottom of the box.
Doubleclick HijackThis and scan and save the log.
Copy that log and paste it here in your reply.
  • 0

#3
tmcg

tmcg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Here's the log from today
Logfile of HijackThis v1.99.1
Scan saved at 5:26:33 PM, on 7/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\E_S4I2F1.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPODEV07.EXE
C:\QUICKENW\BAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOFXM07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1503
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my-search4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1503
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-search4u.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-search4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {72118E7A-2C7B-E144-3157-F8166A5E92E5} - C:\WINDOWS\SYSNH.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Smart Label OServer] C:\PROGRAM FILES\SONY\SMART LABEL\SSLOSERV.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\SYSTEM\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O7 "EPUSB1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [flBZNls] C:\SUSYS.EXE
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [IEPP.EXE] C:\WINDOWS\SYSTEM\IEPP.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ATLXE32.EXE] C:\WINDOWS\ATLXE32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O9 - Extra button: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Netnews - {B70AB100-3EBA-11D8-B938-F7873B4EF473} - news:worldnet.help.new-users (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.sp2[bleep]ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248...hm::/update.exe
O16 - DPF: {CE70CB79-13E6-4C3D-B81B-910319F613BC} - mhtml:file://C:\ARHIVE.MHT!http://69.50.163.248/504/count4.exe
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\\MAIN.MHT!http://super-gals.co...ex.chm::/ad.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D7A26469-0C01-4718-AE0D-5CE83F8B0D17} (CDDM98 Object) - https://netservices....SLControl98.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
O19 - User stylesheet: C:\WINDOWS\my.css (file missing) (HKLM)
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Please let me know how to fix the "antivirus" problem.
  • 0

#4
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the
    SpyKiller
    BestPopUpKiller
    PrecisionTime
  • Click on "Delete this entry" for each one.
  • Click "Yes"
  • Close HijackThis
***

Download SmitRem to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download about:buster by RubbeRDuckY.
Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
***

Download CWShredder.
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
***

Use Windows Explorer to remove these folders (if they still exist):
C:\Program Files\SpyKiller\
C:\Program Files\BestPopUpKiller\
C:\Program Files\PrecisionTime\
Close Windows Explorer when you are done.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\SUSYS.EXE
C:\WINDOWS\SYSTEM\MSXMIDI.EXE
C:\WINDOWS\ATLXE32.EXE
C:\WINDOWS\MSOPT.DLL

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Please run About:Buster:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

***

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1503

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my-search4u.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1503

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com...nder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-search4u.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-search4u.com/sp.htm

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {72118E7A-2C7B-E144-3157-F8166A5E92E5} - C:\WINDOWS\SYSNH.DLL

O4 - HKLM\..\Run: [flBZNls] C:\SUSYS.EXE

O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE

O4 - HKLM\..\Run: [ATLXE32.EXE] C:\WINDOWS\ATLXE32.EXE

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O9 - Extra button: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL
(file missing)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL
(file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6274E400-D4E4-11D9-B939-00E018C383E7} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)

O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?

O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248...hm::/update.exe

O16 - DPF: {CE70CB79-13E6-4C3D-B81B-910319F613BC} - mhtml:file://C:\ARHIVE.MHT!http://69.50.163.248/504/count4.exe

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\\MAIN.MHT!http://super-gals.co...ex.chm::/ad.exe

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)

O19 - User stylesheet: C:\WINDOWS\my.css (file missing) (HKLM)

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.




EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 09 August 2005 - 03:35 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP