wininet.dll infected by bloodhound.w32.ep



#1
mrhydedied

    New Member

  • Member
  • 6 posts
came home from work yesterday to find my computer infected with tons of spyware/adware and a bloodhound.w32.ep infecting wininet.dll. i think i've managed to remove most of the spyware and adware but for the life of me cannot get rid of the bloodhound. i found a clean new .dll file, but cannot copy/overwrite the infected one because it's in use (even in safe mode). i was going to reinstall windows but the disc i have is older than what i am currently running. any help with this would be greatly appreciated. thanks in advance.

hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 7:59:10 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120599016515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0


#2
Perculator

    Visiting Staff

  • Member
  • 183 posts
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
===================================================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop

Click Fix checked
And close Hijack This
===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.
  • 0
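
The reply above asks for three R0/R1 entries to be fixed and for a new HijackThis log afterwards. As an added example that is not part of the original thread, this Python script parses HijackThis entry lines and reports which fix-listed entries still appear in a follow-up scan, and what was removed or added between two scans. The function names are hypothetical and the sample logs are constructed; R entries are matched on registry key and value name only, because the forum truncates long URLs.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (code, detail) for each entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(code, detail):
    """Identity of an entry when comparing two scans (case-insensitive)."""
    if code.startswith("R"):
        # R lines read "<registry key>,<value name> = <data>". The data may be
        # empty, changed, or truncated with "..." when pasted into a forum,
        # so only the part before " =" identifies the entry.
        detail = detail.partition(" =")[0]
    return (code, detail.strip().lower())


def unresolved(fix_list_text, rescan_text):
    """Entries from the fix list that are still reported by the follow-up scan."""
    rescan = {entry_key(c, d): (c, d) for c, d in parse_entries(rescan_text)}
    found = []
    for code, detail in parse_entries(fix_list_text):
        key = entry_key(code, detail)
        if key in rescan:
            found.append(rescan[key])
    return found


def diff_logs(before_text, after_text):
    """Return (removed, added) entry keys between two scans, each sorted."""
    before = {entry_key(c, d) for c, d in parse_entries(before_text)}
    after = {entry_key(c, d) for c, d in parse_entries(after_text)}
    return sorted(before - after), sorted(after - before)


# Constructed sample data in HijackThis format (not taken from a real system).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://redirect.example.invalid/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.example.invalid/home
"""

BEFORE = FIX_LIST + r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

RESCAN = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://other.example.invalid/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for code, detail in unresolved(FIX_LIST, RESCAN):
        print("still present:", code, "-", detail)
    removed, added = diff_logs(BEFORE, RESCAN)
    for code, detail in removed:
        print("removed:", code, "-", detail)
    for code, detail in added:
        print("added:  ", code, "-", detail)
```

An entry that reappears with different data after "Fix checked" is still reported as present, which is the case worth raising in the next reply.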

#3
mrhydedied

    New Member

  • Topic Starter
  • Member
  • 6 posts
first off, i did end up doing a windows repair installation about a day after i posted this topic. it repaired the .dll file that norton said was infected, but also resulted in rolling me back to xp sp1. for some reason it is now taking 4 minutes or more to boot up, while before it would take less than 30 seconds. internet explorer refuses to connect to windows update and the program crashes every time i try it. i tried dl'ing and reinstalling IE but that didn't seem to help. i figured it couldn't hurt anything to go ahead and follow the steps you had posted to see if anything else was lurking about, and sure enough there were a few things. the log results are as follows:



panda active scan:

Incident Status Location

Adware:adware/psguard No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\SHUDDERLTD\PSGUARD
Adware:adware/searchexe No disinfected HKEY_CLASSES_ROOT\Interface\{72423E8F-8011-11D2-BE79-00A0C9A83DA3}
Adware:Adware/Startpage.JU No disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-c6ca0b2-210f3b7a.zip[Beyond.class]



Logfile of HijackThis v1.99.1
Scan saved at 11:29:41 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120599016515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


smitfiles log:


smitRem log file
version 2.2

by noahdfear

The current date is: Thu 07/28/2005
The current time is: 20:47:59.54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:50:02 PM, 7/28/2005
+ Report-Checksum: 59E240B5

+ Scan result:

C:\!Submit\hhk.dll -> Trojan.Puper.ah : Cleaned with backup
C:\!Submit\intmon.exe -> Trojan.Puper.af : Cleaned with backup
C:\!Submit\msole32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\!Submit\popuper.exe -> Trojan.Puper.w : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\default.9fp\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-c6ca0b2-210f3b7a.zip/Beyond.class -> TrojanDropper.Beyond.g : Error during cleaning


::Report End



thanks for the help so far, i really appreciate it! let me know if there is anything else i should do.

Edited by mrhydedied, 28 July 2005 - 09:44 PM.

  • 0

#4
Perculator

    Visiting Staff

  • Member
  • 183 posts
Hello,

Please go to
Start
Run

And type
sfc /scannow
mind the space after sfc.
And press ok.


***
Please go to
Start
Control Panel

Switch to classic view

Then click
Java

At the tab General
Last section Temporary internet files
Click
Delete Files

Now close the opened windows again


***
Open Notepad.
Copy the text from the box to an empty file.
Save it as ‘export.bat’ to your desktop.
Choose ‘save as all types’


regedit /e c:\smit.txt "HKEY_LOCAL_MACHINE\SOFTWARE\SHUDDERLTD\PSGUARD"

Close Notepad.

Find ‘export.bat’ on your desktop.
Double-click the file. It will create a file called ‘smit.txt’ in c:\
Copy the entire text and paste it to your reply here in this topic.

EDIT:
· Open HiJackThis
· Click on the configure button on the bottom right
· Click on the tab "Misc Tools"
· Click on the Box that says "Uninstall Manager"
· Click on the button "Save list"
· Copy and paste the list from the notepad into your post

***
Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Enter the directory to search"
      • Enter Drive e.g. C:\
  • In the box labeled "Enter the file to search"
      • Enter the file wininet.dll to search for the file
  • Now click on the "Find" button
  • Once the utility has found the files click on "Export"
  • This will save a text file to your C:\ drive as "Export.txt"
  • Double click on Export.txt, copy and paste this information in your next post



***
Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINDOWS\System32\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here.

Good luck!
  • 0

#5
mrhydedied

    New Member

  • Topic Starter
  • Member
  • 6 posts
thanks again! followed all the steps, but i wasn't sure about where or what to switch to classic view...so i switched everything that had "classic" anything as an option. all the logs and results are as follows:


smit.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\SHUDDERLTD\PSGUARD]
"VersionInfo"="APP_VER=1.2.3
DATABASE_VER=3.2.3
DATE=10/10/04
SIGNATURES=50000"
"RegistrationUrl"="http://www.psguard.c...register/9.0.2"
"SCAN_DEPTH"="1"
"SCAN_PRIORITY"="0"
"MinOnStartup"="0"
"ScanOnStartup"="1"
"StartAtWinStartup"="1"
"EnableRTMonitoring"="1"
"AlwaysBlockChanges"="0"
"AlwaysBlockWhenNoAV"="1"
"PerformUpdate"="1"
"UpdateInterval"="3"
"MGuid"="{1E67A051-14F0-4F34-A5E8-FA39549DC750}"

[HKEY_LOCAL_MACHINE\SOFTWARE\SHUDDERLTD\PSGUARD\PSGuard]
"InstallationID"="{90303801-3B0B-4A06-850F-5813F85982A3}"


uninstall list:

Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 7.0
Agere Systems AC'97 Modem
Ahead Nero Burning ROM
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BBE Sonic Maximizer PlugIn
Cakewalk Audio FX Pack 1
Cakewalk Pro Audio 9
ccCommon
Cool Edit Pro v1.2a
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ewido security suite
HijackThis 1.99.1
Internet Explorer Q832894
Internet Worm Protection
InterVideo WinDVD
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 4
K-Lite Codec Pack 2.27 Full
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech MouseWare 9.76
Macromedia Dreamweaver MX 2004
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Mozilla Firefox (1.0.6)
MUSICMATCH® Jukebox
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Outlook Express Q837009
PCI 1620 Cardbus Controller and Software
PokerStars
PreSonus 1394 Audio Driver V1.12.0 (FIREPOD)
Quick Launch Buttons 4.20 E1
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Reason
Security Update for Step By Step Interactive Training (KB898458)
SoulSeek Client 156c
SoundMAX
SPBBC
Spybot - Search & Destroy 1.3
Steinberg Cubase LE
Symantec
Symantec Script Blocking Installer
SymNet
TestPokerStars.com
Tweakui Powertoy for Windows XP
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB822827
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q810400
Windows XP Hotfix (SP2) Q811114
Windows XP Hotfix (SP2) Q813347
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q816500
Windows XP Hotfix (SP2) Q817357
Windows XP Hotfix (SP2) Q819696
WinRAR archiver
Yahoo! Internet Mail
Yahoo! Messenger


export.txt:

C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll - 656896 Bytes
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll - 657920 Bytes
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll - 658944 Bytes
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll - 657920 Bytes
C:\WINDOWS\system32\WININET.DLL - 588288 Bytes
C:\WINDOWS\system32\dllcache\wininet.dll - 588288 Bytes



jotti virus scan:

File: WININET.DLL
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 4f64d1df989e3aa2fad91a2f1167b9c7
Packers detected: -

Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing
  • 0

#6
Perculator

    Visiting Staff

  • Member
  • 183 posts
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Open the Misc Tools Session"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry TestPokerStars.com
  • Click on Delete this entry
  • Click "Yes"
Repeat that for
PokerStars

And close hijack this


Open a notepad file and paste the following bold text in it

Regedit4

[-HKEY_LOCAL_MACHINE\SOFTWARE\SHUDDERLTD]


Call it shudderltd.reg and save it to your desktop; in the "save as" field, choose *all files.

Then double-click the newly made shudderltd.reg

Allow it to be added to your registry and
wait for the 'merge successful'

then

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Decline to log off and reboot the system. This will remove files that were in use during the scan.

After the restart, run the Panda scan again and post the outcome of that log in your answer.
Please make a fresh HijackThis log and a new uninstall list to post in your answer too.

Good luck

Edited by Perculator, 30 July 2005 - 03:41 PM.

  • 0

#7
mrhydedied

    New Member

  • Topic Starter
  • Member
  • 6 posts
pokerstars.com and testpokerstars.com are pretty reputable poker sites. i installed the software myself and use it quite frequently. i don't think their software has any spyware or adware wrapped up in it. unless you think it's infected in some way, i left it alone for now. i tried the registry change but received the error message "the specified file is not a valid registry script." i downloaded cleanup, but will wait to use it until i receive your opinions and suggestions on these matters. thanks again!
  • 0

#8
Perculator

    Visiting Staff

  • Member
  • 183 posts
OK, if you know those programs, it's all right.

The smit tool has been updated, so throw away the old one and do the following:

Download Smitrem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

Reboot in normal mode.

Run Panda again to see that everything is clean now, and post the result of the Panda scan too.

Edited by Perculator, 01 August 2005 - 12:26 PM.

  • 0

#9
mrhydedied

    New Member

  • Topic Starter
  • Member
  • 6 posts
smitRem log file
version 2.2

by noahdfear

The current date is: Tue 08/02/2005
The current time is: 1:50:02.50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :tazz:


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! ;)



panda scan came up clean. thanks for the help! still having a few problems though. spybot s&d keeps finding something in the registry called "smitfraud-c" and cannot remove or fix them because the files are "still in use in memory", even when i run it before windows boots up (as it suggests doing). it's also still taking a lot longer for my computer to boot up than it used to, and IE still crashes when i try to use windows update. any help or suggestions would be greatly appreciated.

spybot log:

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.6o9.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u48.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u47.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u46.cx\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u45.cx\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s2.kav.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.remove.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\new.8ad.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[bleep]-[bleep].org\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dl.ad-ware.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*!=W=4


--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-07-29 Includes\Dialer.sbi
2005-07-29 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-07-29 Includes\Malware.sbi
2005-07-22 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-07-29 Includes\Security.sbi
2005-07-29 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-07-29 Includes\Trojans.sbi

Edited by mrhydedied, 02 August 2005 - 01:58 AM.

  • 0

#10
Perculator

    Visiting Staff

  • Member
  • 183 posts
Those are added by IESpyad. Blocked sites. You should add them to Spybot's ignore list.

Can I see a fresh HijackThis log please?
  • 0
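The triage behind the reply in post #10, as an added example that is not part of the original thread: it reads ZoneMap lines in the shape Spybot printed and separates entries mapped to zone 4 (Restricted sites, a block list) from entries mapped to a more trusted zone, which are the ones worth a closer look. It assumes the trailing `W=<n>` in each line is the zone number; the `example.test` lines and the function names are constructed for illustration.

```python
import re

# Internet Explorer security zones, as numbered in ZoneMap registry values.
ZONE_NAMES = {
    0: "My Computer",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# One registry line in the shape shown in the Spybot log:
#   <root>\Software\...\ZoneMap\Domains\<key path>\<value name>!=W=<number>
# Assumption: the trailing number is the zone DWORD for that value name.
ENTRY = re.compile(
    r"^(?P<root>HKEY_[A-Z_]+(?:\\S-[0-9-]+)?)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
    r"\\ZoneMap\\Domains\\(?P<path>.+)\\(?P<proto>[^\\]+?)!?=W=(?P<zone>\d+)$",
    re.IGNORECASE,
)

# First three registry lines are copied from the log in post #9;
# the last two are constructed to exercise the other branches.
SAMPLE = r"""
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-3008850533-2103976582-2762987120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www\*!=W=2
HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\*
"""


def parse_entry(line):
    """Return host, protocol and zone for one ZoneMap line, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    # ZoneMap can nest a subdomain key under its parent domain key
    # (Domains\example.test\www), so rebuild the host from the key path.
    host = ".".join(reversed(m.group("path").split("\\")))
    return {
        "root": m.group("root"),
        "host": host.lower(),
        "proto": m.group("proto"),
        "zone": int(m.group("zone")),
    }


def triage(log_text):
    """Sort ZoneMap entries into block-list entries and ones to review."""
    result = {"restricted": [], "review": [], "other": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.upper().startswith("HKEY_"):
            continue  # detection headers and blank lines carry no key
        entry = parse_entry(line)
        if entry is None:
            result["unparsed"].append(line)
            continue
        zone = entry["zone"]
        if zone == 4:
            # Restricted sites: the host is being blocked, not trusted.
            result["restricted"].append(entry["host"])
        elif zone == 3:
            # Internet zone is the default; no extra trust granted.
            result["other"].append(entry["host"])
        else:
            # Zones 0-2 raise trust; unknown numbers also need a human.
            name = ZONE_NAMES.get(zone, "unknown zone %d" % zone)
            result["review"].append((entry["host"], name))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("restricted (block list):", report["restricted"])
    print("needs review:", report["review"])
    print("could not parse:", len(report["unparsed"]))
```
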

#11
mrhydedied

    New Member

  • Topic Starter
  • Member
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:23:57 PM, on 8/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [FirePod] C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120599016515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#12
Perculator

    Visiting Staff

  • Member
  • 183 posts
You did very well, your log looks clean now.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

#13
Perculator

    Visiting Staff

  • Member
  • 183 posts
Well done, your log looks clean now.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.





