[email protected]



#1
JeffLax07


    New Member

  • Member
  • 2 posts
Every time I open IE, it is automatically redirected to www.systemwarning.com and says my computer is infected with [email protected]. I have followed all recommended steps listed under what to do before posting in the forum and still no luck.

My EWIDO report is as follows:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:48:39 PM, 1/1/2006
+ Report-Checksum: 61934CE7

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKU\S-1-5-21-839522115-1343024091-725345543-1003\Software\Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
HKU\S-1-5-21-839522115-1343024091-725345543-1003_Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
[460] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Cleaned with backup
[484] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[528] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[540] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[700] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[752] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[948] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[992] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1152] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1324] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1408] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1468] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1504] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1528] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1760] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1172] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1800] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1232] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[252] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[932] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1752] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1908] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1284] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1356] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[924] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1792] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[1984] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[872] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[2000] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[204] C:\WINDOWS\System32\uti_32.exe -> Logger.Agent.gk : Cleaned with backup
[2032] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[2228] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
[3416] C:\WINDOWS\System32\uti_32.dll -> Logger.Agent.gk : Error during cleaning
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Local Settings\Temp\ei.exe -> Downloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Local Settings\Temp\temp.fr7A66\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Local Settings\Temp\temp.fr7A66\Programs\whagent.exe -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Local Settings\Temp\temp.fr7A66\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL -> Spyware.FunWeb : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\SpyAxe\SpyAxe.exe -> Adware.Spyaxe : Cleaned with backup
C:\Program Files\SpyTrooper\heur002.dll -> Adware.SpySheriff : Cleaned with backup
C:\Program Files\SpyTrooper\IESecurity.dll -> Spyware.SpywareNo : Cleaned with backup
C:\Program Files\SpyTrooper\ProcMon.dll -> Adware.SpySheriff : Cleaned with backup
C:\Program Files\SpyTrooper\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP31\A0003100.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP31\A0003101.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP31\A0003114.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP31\snapshot\MFEX-3.DAT -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP31\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP40\A0010445.dll -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP40\A0010446.exe -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP45\A0010578.exe -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP48\A0010667.exe -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP50\A0010721.exe -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP50\A0010728.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP50\A0010744.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP59\A0010909.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP59\A0010910.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP59\A0010911.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP62\A0011049.exe -> Adware.Spyaxe : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011924.exe -> Trojan.LowZones.am : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011927.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011934.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011939.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011943.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011944.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011945.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011957.exe -> Adware.Spyaxe : Cleaned with backup
C:\WINDOWS\noC=.exe/mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\WINDOWS\pi1_25.exe -> Downloader.Small.afq : Cleaned with backup
C:\WINDOWS\system32\1024\ld81E9.tmp -> Dropper.Small.akq : Cleaned with backup
C:\WINDOWS\system32\ld573F.tmp -> Downloader.Zlob.dn : Cleaned with backup
C:\WINDOWS\system32\mssearchnet.exe -> Downloader.Zlob.bu : Cleaned with backup
C:\WINDOWS\system32\uti_32.dll -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\system32\uti_32.exe -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\system32\wbeconm.dll -> Downloader.SpyAxe : Cleaned with backup
C:\WINDOWS\Temp\cfdbpkmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\cmpbbaid.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\webhdll.dll -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup


::Report End



My Hijackthis report is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 7:51:15 PM, on 1/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\ir5uti.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ir5uti.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.AMANDA\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\System32\hp65CE.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
O4 - HKCU\..\RunOnce: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136159489561
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Any help would be very appreciated.

Jeff Gammon
  • 0



#2
sari


    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
Hi Jefflax07 - welcome to Geeks to Go. I'm currently reviewing your log and will be posting a fix shortly.

sari
  • 0

#3
sari


    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
JeffLax07,

You have a Spyaxe infection. Please print these instructions for reference during safe mode.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\System32\hp65CE.tmp
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
O4 - HKCU\..\RunOnce: [ir5uti] C:\WINDOWS\System32\ir5uti.exe

===================================================

Close HiJackThis.

Make sure hidden files and folders are showing:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Delete the following folder:

C:\Program Files\webHancer

Delete the following file:

C:\WINDOWS\System32\ir5uti.exe

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g., Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Thanks,

sari
  • 0
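
Added example (not part of the original posts, and not a Geeks to Go or HijackThis tool): a Python check that compares a follow-up HijackThis log against the fix list above and reports which flagged entries are gone, which persist, and which entries are new. The log excerpts are copied from the logs posted in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O4" (autostart) or "O2" (BHO)
    text: str   # everything after "<code> - "


# Section codes are one of R/F/N/O followed by a number (R0, O4, O16, O23, ...).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_hjt(log: str) -> list[Entry]:
    """Return the section entries of a HijackThis log. Header lines and the
    'Running processes' list are skipped: they do not start with a code."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def normalize(e: Entry) -> tuple[str, str]:
    """Comparison key: Windows paths and registry names are case-insensitive,
    and forum software may alter spacing, so fold case and collapse spaces."""
    return (e.code, " ".join(e.text.split()).casefold())


def verify_fix(fix_list: str, before: str, after: str) -> dict[str, list[Entry]]:
    """Compare the helper's fix list with the logs taken before and after."""
    fix = {normalize(e): e for e in parse_hjt(fix_list)}
    old = {normalize(e): e for e in parse_hjt(before)}
    new = {normalize(e): e for e in parse_hjt(after)}
    return {
        # Flagged, seen before, absent now: the fix took effect.
        "removed": [e for k, e in fix.items() if k in old and k not in new],
        # Flagged and still in the new log: something is restoring the entry.
        "still_present": [e for k, e in fix.items() if k in new],
        # Flagged but never in the first log: fix list does not match the log.
        "not_in_before": [e for k, e in fix.items() if k not in old],
        # Appeared since the first log: must be explained before closing out.
        "new_entries": [e for k, e in new.items() if k not in old],
    }


# Excerpt of the log dated 1/1/2006 in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\System32\hp65CE.tmp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
O4 - HKCU\..\RunOnce: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
"""

# The entries the helper asked to have fixed in HijackThis.
FIX_LIST = r"""
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\System32\hp65CE.tmp
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
O4 - HKCU\..\RunOnce: [ir5uti] C:\WINDOWS\System32\ir5uti.exe
"""

# Excerpt of the follow-up log dated 1/9/2006 in this thread.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
"""

if __name__ == "__main__":
    for bucket, entries in verify_fix(FIX_LIST, BEFORE, AFTER).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"    {e.code} - {e.text}")
```

The one new entry in the follow-up log is the ActiveScan installer control, which the instructions above told the user to allow.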

#4
JeffLax07


    New Member

  • Topic Starter
  • Member
  • 2 posts
Did all that you suggested. Everything appears fine but Panda says I still have a few spyware issues. Here are my logs:

Panda:


Incident Status Location

Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Spyware:Cookie/SpySheriff Not disinfected C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Owner.AMANDA\Desktop\Hijackthis\backups\backup-20060109-161532-288.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner.AMANDA\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner.AMANDA\Desktop\smitRem.exe[Process.exe]
Dialer:Dialer.BEW Not disinfected C:\Documents and Settings\Owner.AMANDA\Local Settings\Temporary Internet Files\Content.IE5\8HW30W9X\connect[1][Content]
Dialer:Dialer.BEW Not disinfected C:\Documents and Settings\Owner.AMANDA\Local Settings\Temporary Internet Files\Content.IE5\X193RR30\connect[1][Content]
Possible Virus. Not disinfected C:\I386\AolCoach.cab[ACHtmfu.dll]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Adware:adware program Not disinfected C:\WINDOWS\system32\data.~

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:47:10 PM, on 1/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.AMANDA\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136159489561
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:29:44 PM, 1/9/2006
+ Report-Checksum: 412ADA16

+ Scan result:

C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner.AMANDA\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011971.DLL -> Spyware.FunWeb : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011972.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011973.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011974.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011975.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011976.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011977.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011978.EXE -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011979.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011980.DLL -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011981.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011982.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011983.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011984.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011985.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011986.EXE -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011987.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011988.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011989.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011990.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011991.dll -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011992.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011993.exe -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011994.exe/mrjj.exe -> Trojan.LowZones.am : Error during cleaning
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011995.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011996.exe -> Downloader.Small.afq : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011997.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011998.exe/WhAgent.exe -> Spyware.WebHancer : Error during cleaning
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP75\A0012504.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP75\A0012505.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP75\A0012506.exe -> Downloader.Zlob.bu : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP75\A0012507.dll -> Downloader.SpyAxe : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP75\A0012698.exe -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\system32\uti_32.dll -> Logger.Agent.gk : Cleaned without backup
C:\WINDOWS\system32\uti_32.exe -> Logger.Agent.gk : Cleaned without backup


::Report End

Thanks for all the help
  • 0

#5
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
JeffLax07,

You're looking much better. Please print these instructions for reference in safe mode.

Restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

MyWebSearch


Please delete these folders using Windows Explorer (if present):

C:\Program Files\MyWebSearch

Please search for the following file:

C:\WINDOWS\system32\data.~

If it's on your system, please delete it.

After that, Reboot.

Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure, please do not run it!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log off/reboot at the end; if it does, please do so.

Please post another HijackThis log and let me know how everything is.

Thanks,

sari
  • 0
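An ewido report like the one in this thread is easier to read once its `object -> detection : action` lines are split into hits on the running system, hits that are only copies inside the System Restore store, and items the scanner failed to clean. The Python below is an added example, not part of either post and not a tool from ewido or this forum; the function and field names are its own, and the sample lines are copied from the report above.

```python
import re
from collections import Counter

# Subset of lines copied from the ewido report posted in this thread.
SAMPLE = r"""
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011990.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011994.exe/mrjj.exe -> Trojan.LowZones.am : Error during cleaning
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP64\A0011998.exe/WhAgent.exe -> Spyware.WebHancer : Error during cleaning
C:\System Volume Information\_restore{3F18E699-C19D-4C6B-8A61-7ED058778408}\RP75\A0012504.dll -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\system32\uti_32.dll -> Logger.Agent.gk : Cleaned without backup
C:\WINDOWS\system32\uti_32.exe -> Logger.Agent.gk : Cleaned without backup
"""

# ewido result line: <object> -> <detection name> : <action taken>
LINE = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
# XP System Restore store; RPnn is the restore point holding the copy.
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def parse_report(text):
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        rp = RESTORE.search(m["obj"])
        findings.append({
            "object": m["obj"],
            "detection": m["name"],
            "category": m["name"].split(".")[0],   # e.g. Logger, Trojan
            "action": m["action"].strip(),
            "restore_point": rp.group(1) if rp else None,
            "failed": m["action"].lower().startswith("error"),
        })
    return findings

def triage(findings):
    """Separate live hits and failed cleanups from restore-point copies."""
    return {
        "live": [f for f in findings if f["restore_point"] is None],
        "failed": [f for f in findings if f["failed"]],
        "restore_points": dict(Counter(
            f["restore_point"] for f in findings if f["restore_point"])),
    }

if __name__ == "__main__":
    result = triage(parse_report(SAMPLE))
    for f in result["live"] + result["failed"]:
        print(f["category"], f["detection"], "|", f["action"], "|", f["object"])
    print(result["restore_points"])
```

On these lines, both "Error during cleaning" entries are members inside restore-point files, while the two hits under `C:\WINDOWS\system32` are the only ones outside the restore store.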





