Geeks to Go forums
tinymfc, ysbctivex.dll, trogan-gen, etc. [CLOSED]



#1 auntiedo (New Member, 3 posts)
My daughter's computer is giving the same messages as Sjak (7/5/05) about tiny mfc, and my anti-virus software (Avast) keeps finding ysbactivex.dll, win32:trogan-gen and other trojans. It deletes them, but they keep regenerating.

I got rid of a lot of stuff today with Adaware, but these keep coming back.


IE is very, very slow and locks up, and her IM just cuts itself off after 30 seconds. This got considerably better after running Adaware, but I'm sure it's just temporary, and I don't want to reformat her computer AGAIN!

Thanks in advance for your help. :tazz:

Here is her HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:09 PM, on 8/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\aim.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ZyAIR G-200\OdHost.exe
C:\Program Files\ZyAIR G-200\WLUSBCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Liz\Desktop\HJT_and_more_1\HJT and more 1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stewardsc...eacher_webs.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stewardsc...eacher_webs.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft....2.00010300.1.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\Run: [Windows Javascript Daemon] jsdaemon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Bt7Erd] C:\documents and settings\liz\local settings\temp\Bt7Erd.exe
O4 - HKLM\..\Run: [nzOL.exe] c:\windows\system32\nzOL.exe
O4 - HKLM\..\Run: [uxracd] c:\windows\system32\uxracd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\RunServices: [Windows Javascript Daemon] jsdaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZyAIR G-200 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122955799296
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...544/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
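
The O4 lines in a HijackThis log are the autostart entries, and the usual first pass is to separate the obviously ordinary ones (full path under Program Files, quoted, with a recognisable vendor) from those that deserve a closer look. The following Python script is an added example for this thread, not a tool from Geeks to Go or from HijackThis itself: it parses O4 lines in the format shown above and applies three review heuristics that are this example's own assumptions, not verdicts: a bare filename with no directory (the program is found by PATH search rather than at an explicit location), a path under a temp directory, and registration under the Windows 9x-era RunServices key, which XP-era software has little reason to use. The sample lines are excerpted from the log posted above; a hit means "look at this entry", since legitimate OEM utilities are sometimes registered by bare filename too.

```python
import re

# Sample O4 lines, excerpted from the HijackThis log posted in this thread
# (plus one O23 line to show that non-O4 lines are ignored).
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\Run: [Bt7Erd] C:\documents and settings\liz\local settings\temp\Bt7Erd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
""".strip().splitlines()

# O4 - HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
# O4 - Global Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.*)$')
# First executable token of a command line, quoted or not, arguments dropped.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|cmd|dll|pif))"?(?:\s|$)', re.IGNORECASE)


def parse_o4(line):
    """Return a dict for an O4 line, or None for any other HijackThis line."""
    m = RUN_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        return {"key": f"{hive}\\{key}", "subkey": key, "name": name,
                "command": command, "path": exe.group(1) if exe else command}
    m = STARTUP_RE.match(line)
    if m:
        folder, link, target = m.groups()
        return {"key": folder, "subkey": folder, "name": link,
                "command": target, "path": target}
    return None


def triage_entry(entry):
    """Review heuristics (assumptions of this example, not malware verdicts)."""
    reasons = []
    path = entry["path"]
    if entry["subkey"].startswith("RunServices"):
        reasons.append("RunServices is a Windows 9x-era key; XP-era software rarely registers there")
    if path == "?":
        reasons.append("shortcut target not resolved in the log")
    elif "\\" not in path:
        reasons.append("bare filename: loaded by PATH search, no explicit location")
    if "\\temp\\" in path.lower():
        reasons.append("runs from a temp directory")
    return reasons


def triage_o4(lines):
    """Parse every O4 line and keep only entries with at least one review reason."""
    flagged = []
    for line in lines:
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_o4(SAMPLE_LINES):
        print(f'{hit["key"]:<18} [{hit["name"]}] {hit["path"]}')
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the script lists five entries for review and leaves the quoted Program Files entries and the BigFix shortcut alone; feeding it a whole saved log works the same way, since non-O4 lines are skipped.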
#2 Rawe (Visiting Staff, 4,746 posts)
Hello and welcome.

We'll get this sorted..

Please print these instructions out, or write them down, as you can't read them during the fix.

Right-click on the Microsoft AntiSpyware icon (looks like a target), click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.
You can re-enable it when we get your PC clean. It might otherwise interfere with fixes.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download CleanUp!

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Open Ad-aware and do a Full System Scan. Remove anything it finds.

Launch Ewido Security Suite and let it clean anything it finds.

When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop.
Close Ewido.

Run CleanUp!, making sure to reboot when prompted.

Boot up into normal mode.

Run this online scan (let it fix anything it finds and post the results here):

Panda Activescan

Run a new scan with HijackThis and post the fresh log here along with the Ewido and Panda logs, using Add Reply.

- Rawe :tazz:

#3 auntiedo (Topic Starter, 3 posts)
Thank you so much for your help!

I have attached the files from Ewido and Panda.




Logfile of HijackThis v1.99.1
Scan saved at 11:25:55 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ZyAIR G-200\OdHost.exe
C:\Program Files\ZyAIR G-200\WLUSBCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Liz\Desktop\HJT_and_more_1\HJT and more 1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stewardsc...eacher_webs.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stewardsc...eacher_webs.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft....2.00010300.1.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\Run: [Windows Javascript Daemon] jsdaemon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Bt7Erd] C:\documents and settings\liz\local settings\temp\Bt7Erd.exe
O4 - HKLM\..\Run: [nzOL.exe] c:\windows\system32\nzOL.exe
O4 - HKLM\..\Run: [uxracd] c:\windows\system32\uxracd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\RunServices: [Windows Javascript Daemon] jsdaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZyAIR G-200 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122955799296
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...544/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#4 Rawe (Visiting Staff, 4,746 posts)
Hi again! Looking a little better now ;)

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Post the results here along with a fresh Panda log.

- Rawe :tazz:

#5 auntiedo (Topic Starter, 3 posts)
Sorry this took so long - busy being a taxi cab for kids, and then I fell asleep during the Panda scan.

Thanks again for helping us fix this problem!

11:57 PM: |··· Start of Session, Thursday, August 04, 2005 ···|
11:57 PM: Spy Sweeper started
11:57 PM: Sweep initiated using definitions version 510
11:57 PM: Starting Memory Sweep
11:59 PM: Memory Sweep Complete, Elapsed Time: 00:02:35
11:59 PM: Starting Registry Sweep
11:59 PM: Found Adware: drsnsrch.com hijack
11:59 PM: HKU\S-1-5-21-2411120146-143707312-4058807071-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:59 PM: Found System Monitor: networkessentials
11:59 PM: HKLM\software\microsoft\windows\currentversion\uninstall\cdm\ (2 subtraces) (ID = 136172)
11:59 PM: HKLM\software\novo\ (3 subtraces) (ID = 136175)
11:59 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
11:59 PM: Found Trojan Horse: trojan-backdoor-soundcheck
11:59 PM: HKLM\system\currentcontrolset\services\msdirectx\ (11 subtraces) (ID = 144200)
11:59 PM: Found Adware: wildmedia
11:59 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wbcm\ (4 subtraces) (ID = 146959)
11:59 PM: Registry Sweep Complete, Elapsed Time:00:00:05
11:59 PM: Starting Cookie Sweep
11:59 PM: Found Spy Cookie: adknowledge cookie
11:59 PM: liz@adknowledge[1].txt (ID = 2072)
11:59 PM: Found Spy Cookie: casalemedia cookie
11:59 PM: liz@casalemedia[2].txt (ID = 2354)
11:59 PM: Found Spy Cookie: maxserving cookie
11:59 PM: liz@maxserving[1].txt (ID = 2966)
11:59 PM: Found Spy Cookie: realmedia cookie
11:59 PM: liz@realmedia[2].txt (ID = 3235)
11:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:59 PM: Starting File Sweep
12:00 AM: Found Adware: weirdontheweb
12:00 AM: weirdontheweb_wild.exe (ID = 87904)
12:00 AM: Warning: Failed to read file "c:\recycler\\dc320\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
12:00 AM: Warning: Failed to read file "c:\recycler\\dc435\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata4\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata5\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata2\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\gamedata\floors\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\gamedata\userobjects\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\gamedata\walls\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata\export\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata\import\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:01 AM: Warning: Failed to read file "c:\recycler\\dc687.wps". System Error. Code: 2.
The system cannot find the file specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata5\characters\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata6\characters\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata6\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata2\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata5\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata6\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata7\characters\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata7\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata7\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata8\characters\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata8\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata8\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata3\photoalbum\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata4\characters\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata4\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata3\characters\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc439\the sims\userdata3\export\_". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Warning: Failed to read file "c:\recycler\\dc875.wps". System Error. Code: 2.
The system cannot find the file specified
12:02 AM: File Sweep Complete, Elapsed Time: 00:02:57
12:02 AM: Full Sweep has completed. Elapsed time 00:05:41
12:02 AM: Traces Found: 33
12:05 AM: Removal process initiated
12:06 AM: Quarantining All Traces: drsnsrch.com hijack
12:06 AM: Quarantining All Traces: networkessentials
12:06 AM: Quarantining All Traces: trojan-backdoor-soundcheck
12:06 AM: Quarantining All Traces: wildmedia
12:06 AM: Quarantining All Traces: adknowledge cookie
12:06 AM: Quarantining All Traces: casalemedia cookie
12:06 AM: Quarantining All Traces: maxserving cookie
12:06 AM: Quarantining All Traces: realmedia cookie
12:06 AM: Quarantining All Traces: weirdontheweb
12:06 AM: Removal process completed. Elapsed time 00:00:02
********
11:54 PM: |··· Start of Session, Thursday, August 04, 2005 ···|
11:54 PM: Spy Sweeper started
11:57 PM: |··· End of Session, Thursday, August 04, 2005 ···|

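
A Spy Sweeper session log like the one above answers two questions that are worth checking rather than eyeballing: how many traces belong to each detection, and whether every detection that was found was also quarantined. The Python script below is an added example for this thread, not Webroot's code or a Geeks to Go tool. It parses the log format shown above: a "Found <category>: <name>" line opens a detection, the indented trace lines that follow carry "(ID = n)" and optionally "(k subtraces)", "Traces Found: n" gives the sweeper's total, and "Quarantining All Traces: <name>" records removal. The counting rule (each trace line counts once plus its listed subtraces) is this example's assumption; it reproduces the 33 reported in the posted log (11 trace lines plus 22 subtraces). The sample log is constructed in the same format, shortened, with an invented SID and one detection deliberately left without a quarantine line so the reconciliation has something to report.

```python
import re
from collections import OrderedDict

# Constructed sample in the Spy Sweeper session-log format (shortened; the
# SID is invented and the last detection intentionally has no quarantine line).
SAMPLE_LOG = r"""
11:57 PM: |··· Start of Session, Thursday, August 04, 2005 ···|
11:59 PM: Starting Registry Sweep
11:59 PM: Found Adware: drsnsrch.com hijack
11:59 PM: HKU\S-1-5-21-EXAMPLE-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:59 PM: Found System Monitor: networkessentials
11:59 PM: HKLM\software\novo\ (3 subtraces) (ID = 136175)
11:59 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
11:59 PM: Found Trojan Horse: trojan-backdoor-soundcheck
11:59 PM: HKLM\system\currentcontrolset\services\msdirectx\ (11 subtraces) (ID = 144200)
11:59 PM: Starting Cookie Sweep
11:59 PM: Found Spy Cookie: adknowledge cookie
11:59 PM: liz@adknowledge[1].txt (ID = 2072)
11:59 PM: Starting File Sweep
12:00 AM: Found Adware: weirdontheweb
12:00 AM: weirdontheweb_wild.exe (ID = 87904)
12:00 AM: Warning: Failed to read file "c:\recycler\\dc320\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
12:02 AM: Traces Found: 22
12:05 AM: Removal process initiated
12:06 AM: Quarantining All Traces: drsnsrch.com hijack
12:06 AM: Quarantining All Traces: networkessentials
12:06 AM: Quarantining All Traces: trojan-backdoor-soundcheck
12:06 AM: Quarantining All Traces: adknowledge cookie
12:06 AM: Removal process completed. Elapsed time 00:00:02
"""

TS_RE = re.compile(r'^\d{1,2}:\d{2} [AP]M: (.*)$')      # every real log line starts with a time
FOUND_RE = re.compile(r'^Found ([^:]+): (.+)$')          # "Found Adware: drsnsrch.com hijack"
ID_RE = re.compile(r'\(ID = \d+\)\s*$')                  # trace lines end with an ID
SUB_RE = re.compile(r'\((\d+) subtraces\)')              # optional subtrace count
QUAR_RE = re.compile(r'^Quarantining All Traces: (.+)$')
TOTAL_RE = re.compile(r'^Traces Found: (\d+)$')


def summarize_sweep(log_text):
    """Group trace lines under their detection and reconcile found vs. quarantined."""
    items = OrderedDict()      # detection name -> {"category", "traces"}
    quarantined = []
    reported = None
    current = None             # detection that subsequent trace lines belong to
    for raw in log_text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue           # continuation of a multi-line warning; not a log record
        body = m.group(1).strip()
        if body.startswith("Starting "):
            current = None     # a new sweep phase: trace lines no longer belong to the last hit
            continue
        m = FOUND_RE.match(body)
        if m:
            category, name = m.groups()
            current = name
            items[name] = {"category": category, "traces": 0}
            continue
        m = TOTAL_RE.match(body)
        if m:
            reported = int(m.group(1))
            continue
        m = QUAR_RE.match(body)
        if m:
            quarantined.append(m.group(1))
            continue
        if current is not None and ID_RE.search(body):
            sub = SUB_RE.search(body)
            # assumption: one trace per ID line plus its listed subtraces
            items[current]["traces"] += 1 + (int(sub.group(1)) if sub else 0)
    total = sum(item["traces"] for item in items.values())
    return {
        "items": items,
        "total_traces": total,
        "reported_total": reported,
        "count_matches": total == reported,
        "quarantined": quarantined,
        "not_quarantined": [name for name in items if name not in quarantined],
    }


if __name__ == "__main__":
    result = summarize_sweep(SAMPLE_LOG)
    for name, item in result["items"].items():
        print(f'{item["category"]:<15} {name:<30} traces={item["traces"]}')
    print("counted", result["total_traces"], "reported", result["reported_total"])
    print("found but not quarantined:", result["not_quarantined"])
```

On the constructed sample the counted total matches the reported 22, and the reconciliation lists weirdontheweb as found but never quarantined, which is exactly the kind of line a helper would want to ask about before the next round of scans.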

#6 Rawe (Visiting Staff, 4,746 posts)
Hi again!

Please print these instructions out, or write them down, as you can't read them during the fix.

Firstly, right-click on the Microsoft AntiSpyware icon (looks like a target), click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.

Next, please remove anything you have in Microsoft Anti-spyware's quarantine.
Completely clear it out. Then, can you try to find the following files and, if you do, delete them:

C:\a.exe
C:\trufkz.html
C:\update.html


Now, update your SpySweeper again.
Update your Ewido.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.



Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido


Run SpySweeper, again save the log and remove anything it finds.

Run CleanUp! and reboot into normal mode.

Run the following online anti-virus scan:

Trend Micro

Let it remove anything it finds. Save the log, post the results to your next reply.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

Run a new scan with HijackThis and post the fresh log here, and attach the following logs to your next reply:

TrendMicro Anti-spyware Log
TrendMicro online scan log
SpySweeper & Ewido logs.


- Rawe :tazz:

#7 ScHwErV (Retired Staff, MVP, 21,285 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.