Malware removal unsuccessful, SpySheriff plagues me still.



#1
i_am_the_God_complex

Alright, first of all, just wanted to let you guys know, that I posted earlier today, and when I went back to read my post, some of my Reports were cut off at the end. I tried several times to edit it so I could get the whole post in, but after 5 tries, I am just posting a new one, so you guys can have all of the log files you need.

I'm sorry, I know it says not to repost, but I am at a loss, I don't know what else to do, as I said before I tried to edit to get all of my logs in, but no success.

SSooooo....here goes a second try.


I have run all the software, posted on your site here, for self help, to get rid of malware. Which helped a ton, I no longer have to wait 4 mins to load up a folder I open up. However, I still have a few issues, that still make it hard to use my computer. First up is I still have a blue screen as Desktop, the "Warning" sign is gone, but still can't get rid of the blue. Second is, on your page for Panda, it instructed me to post here,

Quote "If anything suspicious is found, or any problems persist, please post the contents of the Panda scan report, along with a HijackThis Log, the contents of smitfiles.txt and the Ewido Log in our Malware Removal Forum."


Here goes, here, are all of my logs.



Incident Status Location

Adware:Adware/FCHelp Not disinfected C:\PROGRAM FILES\FCHELP\FCHELP.EXE
Adware:Adware/Findtheweb Not disinfected C:\WINDOWS\WINSYSUPD.EXE
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.dll
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.exe
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\data.~
Adware:adware/secure32 Not disinfected C:\WINDOWS\SYSTEM32\scmt16.exe
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/cws.yexe Not disinfected C:\messanger.ini
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\kl.exe
Adware:adware/e2give Not disinfected C:\PROGRAM FILES\E2G
Adware:adware/spysheriff Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LTMERITT\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\LTMERITT\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@fastclick[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@hotlog[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\LTMERITT\Cookies\[email protected][2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@revenue[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@trafficmp[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\LTMERITT\Cookies\ltmeritt@valueclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\LTMERITT\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\LTMERITT\Desktop\smitRem.exe[Process.exe]
Adware:Adware/E2Give Not disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temp\ei.exe
Adware:Adware/FCHelp Not disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temp\fcHelp.exe
Adware:Adware/Findtheweb Not disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\2POBQD2X\winsysban[1].exe
Adware:Adware/E2Give Not disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\ei[1].exe
Adware:Adware/FCHelp Not disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fcHelp[1].exe
Virus:Bck/Itos.M Disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\latest[1].exe
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\sploitadv494[1].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\sploit[1].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\sploit[2].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\sploit[3].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\sploit[4].anr
Adware:Adware/Findtheweb Not disinfected C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\winsysban[1].exe
Virus:Trj/Moli.EU Disinfected C:\drsmartload1.exe
Adware:Adware/E2Give Not disinfected C:\Program Files\E2G\__delete_on_reboot__IeBHOs.dll
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.dll
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.exe
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\Uninstall.exe
Spyware:Spyware/New.net Not disinfected C:\Program Files\FileSubmit\Hello Kitty\NNEZSTB3.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\pf78.exe
Adware:Adware/ZQuest Not disinfected C:\WINDOWS\system32\0ce89y3o.dll
Adware:Adware/InstaFinder Not disinfected C:\WINDOWS\system32\InstaFinder_inst245.exe
Virus:Trj/Agent.APG Disinfected C:\WINDOWS\system32\__delete_on_reboot__eri_32.dll
Virus:Bck/Galapoper.IN Disinfected C:\WINDOWS\system32\~update.exe
Adware:Adware/Findtheweb


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:06:45 PM, 1/16/2006
+ Report-Checksum: D931E58

+ Scan result:

HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} -> Spyware.LinkReplacer : Cleaned with backup
HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKU\S-1-5-21-2052111302-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B} -> Spyware.SaveNow : Cleaned with backup
[648] C:\WINDOWS\system32\child.dll -> Downloader.Small.bug : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[26].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[27].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[28].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[29].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[30].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[4].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[5].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[6].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[7].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[8].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\FPZRJTLM\mm[9].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[10].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[11].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[12].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[13].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[14].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[4].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[5].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[6].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[7].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[8].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\HCLDJLLR\mm[9].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\IQU5HXGI\mm[10].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\IQU5HXGI\mm[11].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\IQU5HXGI\mm[12].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\IQU5HXGI\mm[13].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\IQU5HXGI\mm[14].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\LTMERITT\Local Setti


  • 0


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Welcome to G2G! :tazz:

Please do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
i_am_the_God_complex

i_am_the_God_complex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have already done this, for some reason, it wasn't taking all of my post, but here it is. I also have these three log file

Logfile of HijackThis v1.99.1
Scan saved at 12:28:16 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EQTraffic\EQTraffic.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\OIX4173V\HijackThis[2].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 5590625
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [msveri] C:\WINDOWS\system32\msveri.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com...cpConnCheck.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113969785343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vumlrth.exe (file missing)

s if you want to look at them.


  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You are running Hijack This from your Temporary Internet Files. It will not function properly when run from a Temporary folder. Before we can fix anything using Hijack This, you need to redownload it properly.

First go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK.

Now download Hijack This again according to these directions:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0
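
The problem Flrman1 points out (HijackThis started from Temporary Internet Files) can be read straight off the "Running processes" section of the log. The sketch below is an added example, not part of the thread or of HijackThis itself; the function names, the temp-folder markers and the choice of which entries to surface for review are assumptions, and the sample is a shortened excerpt of the log posted above.

```python
import re
from collections import Counter

# Shortened excerpt of the HijackThis v1.99.1 log from post #3 above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:28:16 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\OIX4173V\HijackThis[2].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vumlrth.exe (file missing)
"""

# Entry lines look like "R1 - ..." or "O23 - ...": a section code, a dash, the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)", re.IGNORECASE)
# Assumed markers for folders a scanner should not be run from.
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")


def parse_hjt_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def scanner_run_from_temp(parsed):
    """Return the HijackThis process path if it was started from a temp folder."""
    for path in parsed["processes"]:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name.startswith("hijackthis") and any(m in low for m in TEMP_MARKERS):
            return path
    return None


def orphaned_entries(parsed):
    """Entries whose target file no longer exists (leftover registry references)."""
    return [(c, b) for c, b in parsed["entries"] if ORPHAN_RE.search(b)]


def local_file_page_settings(parsed):
    """R0/R1 browser page settings that point at a local file instead of a URL."""
    hits = []
    for code, body in parsed["entries"]:
        if code in ("R0", "R1") and " = " in body:
            key, value = body.rsplit(" = ", 1)
            if re.match(r"^[a-z]:\\", value.strip(), re.IGNORECASE):
                hits.append((key, value.strip()))
    return hits


def triage(text):
    """Collect the review points for one log in a single dictionary."""
    parsed = parse_hjt_log(text)
    return {
        "entries_by_section": Counter(code for code, _ in parsed["entries"]),
        "scanner_in_temp": scanner_run_from_temp(parsed),
        "orphaned": orphaned_entries(parsed),
        "local_page_settings": local_file_page_settings(parsed),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, "->", value)
```

The output is a list of items to review, not a verdict: as the instructions in this thread note, most of what HijackThis lists is harmless or even required.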

#5
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Also please do this:

Go to the forum here and upload ALL the files found in the C:\Program Files\EQTraffic folder.

Here are the directions for uploading the files:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the files on your computer. If there are multiple files to be uploaded click the "More attachments" button for each extra file and browse to the files. When ALL the files are listed in the windows click "Post" to upload the files.

Don't forget to post a link to your thread here.
  • 0

#6
i_am_the_God_complex

i_am_the_God_complex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Alright, good as done. Didn't know there was a difference. Anyhow, it's done correctly this time. Sorry for the mix-up.

Thanks for all the help.

Logfile of HijackThis v1.99.1
Scan saved at 9:02:23 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EQTraffic\EQTraffic.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 5590625
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [msveri] C:\WINDOWS\system32\msveri.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com...cpConnCheck.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113969785343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vumlrth.exe (file missing)
  • 0

#7
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I'm going through your log now. I just wanted to make sure you saw this:

Also please do this:

Go to the forum here and upload ALL the files found in the C:\Program Files\EQTraffic folder.

Here are the directions for uploading the files:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the files on your computer. If there are multiple files to be uploaded click the "More attachments" button for each extra file and browse to the files. When ALL the files are listed in the windows click "Post" to upload the files.

Don't forget to post a link to your thread here.

Please do that now while I go through your Hijack This log and prepare further instructions.
  • 0

#8
i_am_the_God_complex

i_am_the_God_complex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Lol. Just got through with it. Man, you're FAST! I like that in a man!!

No really, here's the link.


and thanks.


http://www.thespykil...hp?topic=1088.0
  • 0

#9
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* First I want you to download the following tools then follow the directions below in the exact order in which they are written.


* Click here to download Windowsoverlaycomponents.zip. Download it and save it to your desktop.
Unzip it to extract the Windowsoverlaycomponents.reg file it contains.
Don't run the reg file yet.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Click Start > Run > and type in:

services.msc

Click OK.

In the services window find Windows Overlay Components.
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest of these directions.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)

O2 - BHO: (no name) - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - (no file)

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 5590625

O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"

O4 - HKCU\..\Run: [msveri] C:\WINDOWS\system32\msveri.exe

O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll

O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)



* Exit Hijack This.


* Double-click on the Windowsoverlaycomponents.reg file to add it to the registry. Answer yes to confirm the merge.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\PROGRAM FILES\FCHELP

    C:\WINDOWS\WINSYSUPD.EXE

    C:\WINDOWS\SYSTEM32\data.~

    C:\WINDOWS\SYSTEM32\scmt16.exe

    C:\drsmartload1.exe

    C:\WINDOWS\system32\msveri.exe

    c:\secure32.html

    c:\Windows\secure32.html

    C:\messanger.ini

    C:\WINDOWS\kl.exe

    C:\PROGRAM FILES\E2G

    C:\Program Files\FileSubmit\Hello Kitty\NNEZSTB3.exe

    C:\WINDOWS\pf78.exe

    C:\WINDOWS\system32\0ce89y3o.dll

    C:\WINDOWS\system32\InstaFinder_inst245.exe

    C:\WINDOWS\system32\~update.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Next in Killbox go to Tools > Delete Temp Files
  • In the window that pops up, put a check by ALL the options there except these three:
    • XP Prefetch
    • Recent
    • History
  • Now click the Delete Selected Temp Files button.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.


* Run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#10
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You didn't upload all the files in the C:\Program Files\EQTraffic folder. I know there is an EQTraffic.exe file in there and probably others. The files may be hidden so click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Now please go back to that same topic ......http://www.thespykiller.co.uk/forum/index.php?topic=1088.new#new and upload the rest of the files.
  • 0

#11
i_am_the_God_complex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Alright, here is the kasper, and hijack log again.




Logfile of HijackThis v1.99.1
Scan saved at 7:18:21 AM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EQTraffic\EQTraffic.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LTMERITT\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com...cpConnCheck.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113969785343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 18, 2006 07:10:16
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/01/2006
Kaspersky Anti-Virus database records: 161229
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 104233
Number of viruses found: 30
Number of infected objects: 64
Number of suspicious objects: 0
Duration of the scan process: 4517 sec

Infected Object Name - Virus Name
C:\!KillBox\kl.exe Infected: Trojan-Spy.Win32.Small.dg
C:\!KillBox\scmt16.exe Infected: Trojan-Downloader.Win32.PassAlert.n
C:\Documents and Settings\LTMERITT\Local Settings\Temp\ei.exe Infected: Trojan-Downloader.Win32.Small.bgl
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\DH9013[1].exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\DH9013[1].exe Infected: Trojan-Clicker.Win32.Small.jf
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[1].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[2].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[3].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[4].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[5].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[6].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[7].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\fillmemadv494[8].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\loaderadv494[1].exe Infected: Trojan-Downloader.Win32.PassAlert.n
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\new[1].htm Infected: Trojan-Downloader.JS.Agent.i
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\new[2].htm Infected: Trojan-Downloader.JS.Agent.i
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\winsysban[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP308\snapshot\MFEX-1.DAT Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058687.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058710.exe Infected: not-virus:Hoax.Win32.Renos.as
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058731.dll Infected: Trojan.Win32.VB.aft
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058732.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058733.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058734.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058735.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058740.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058742.exe Infected: Email-Worm.Win32.Delf.i
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058743.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058744.exe Infected: Trojan-Downloader.Win32.CWS.s
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058745.exe Infected: Trojan-Downloader.Win32.Tiny.al
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058747.exe Infected: Trojan-Downloader.Win32.VB.nw
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058749.exe Infected: Trojan.Win32.VB.aft
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058750.dll Infected: Trojan-Spy.Win32.Agent.gk
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058751.exe Infected: Trojan.Win32.Delf.og
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058752.exe Infected: Trojan.Win32.Inject.i
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058753.exe Infected: Trojan-Downloader.Win32.Small.cbd
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058754.exe Infected: not-virus:Hoax.Win32.Renos.as
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058755.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058756.exe Infected: Trojan.Win32.Dialer.u
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058758.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058759.exe Infected: Trojan-Clicker.Win32.VB.ij
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058761.dll Infected: Trojan-Downloader.Win32.Small.bug
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058766.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058767.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058770.exe Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058772.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059761.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059762.exe Infected: Trojan.Win32.Delf.og
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059763.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059771.exe Infected: Trojan-Clicker.Win32.VB.ij
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059772.exe Infected: Trojan.Win32.StartPage.ahf
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059773.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059774.exe Infected: Trojan-Clicker.Win32.VB.ij
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059780.exe Infected: Trojan-Downloader.Win32.VB.ut
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059781.dll Infected: Trojan-Spy.Win32.Agent.gk
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059782.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059803.exe Infected: Trojan-Downloader.Win32.PassAlert.n
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0059805.exe Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\snapshot\MFEX-1.DAT Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\paradise.raw.exe Infected: Packed.Win32.Klone.b
C:\WINDOWS\WinDy.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\WinDy.exe Infected: Trojan-Clicker.Win32.Small.jf

Scan process completed.



Alright, I'll try to upload. And yes, I do have the folder; it also has three separate txt files in it. I thought I got it the first time, I guess I didn't. I'll try again however. Thanks.
  • 0

#12
i_am_the_God_complex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Btw, not sure if it is important or not, but when I ran Killbox and was pasting the files I was told, there was one in there, C:\PROGRAM FILES\E2G. When I tried it, it said "Couldn't delete selected file" or something similar to that; either way, it wouldn't let me delete it.


Thanks.
  • 0

#13
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\EQTraffic

    C:\Program Files\E2G

    C:\WINDOWS\system32\DH9013.exe

    C:\WINDOWS\system32\paradise.raw.exe

    C:\WINDOWS\WinDy.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Next in Killbox go to Tools > Delete Temp Files
  • In the window that pops up, put a check by ALL the options there except these three:
    • XP Prefetch
    • Recent
    • History
  • Now click the Delete Selected Temp Files button.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, have it delete anything that it cannot clean.

Post a new HiJackThis log and report back what the Housecall scan found.
  • 0
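A triage pass over a report in the layout posted in #11, added here as an example and not part of any post: it groups detections by where the file sits (System Restore copies, browser cache, user temp, the C:\!KillBox folder, everything else) and folds `file.exe/data0002` sub-objects into their container file. The bucket names and matching rules are assumptions of this example; the sample lines are excerpted from the Kaspersky report above.

```python
import re
from collections import defaultdict

# Excerpt of the report posted in this thread ("<path> Infected: <name>" per line).
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\!KillBox\kl.exe Infected: Trojan-Spy.Win32.Small.dg
C:\Documents and Settings\LTMERITT\Local Settings\Temp\ei.exe Infected: Trojan-Downloader.Win32.Small.bgl
C:\Documents and Settings\LTMERITT\Local Settings\Temporary Internet Files\Content.IE5\XTOUS3TF\new[1].htm Infected: Trojan-Downloader.JS.Agent.i
C:\System Volume Information\_restore{39AB94D1-37B3-476D-9239-F2B488A46CC5}\RP309\A0058710.exe Infected: not-virus:Hoax.Win32.Renos.as
C:\WINDOWS\system32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\paradise.raw.exe Infected: Packed.Win32.Klone.b
C:\WINDOWS\WinDy.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\WinDy.exe Infected: Trojan-Clicker.Win32.Small.jf
Scan process completed.
"""

LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+)$")

# Ordered (marker, bucket) rules, first match wins. Labels are this example's own.
LOCATION_RULES = [
    ("\\system volume information\\_restore", "system-restore"),
    ("\\temporary internet files\\", "browser-cache"),
    ("\\local settings\\temp\\", "user-temp"),
    ("c:\\!killbox\\", "killbox-folder"),
]


def classify(path):
    """Map a file path to a location bucket; anything unmatched is a live file."""
    lowered = path.lower()
    for marker, bucket in LOCATION_RULES:
        if marker in lowered:
            return bucket
    return "live-file"


def triage(report_text):
    """Return {bucket: {container_path: set of detection names}}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for line in report_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # header, statistics, or "Scan process completed."
        # "file.exe/data0002" is an object inside file.exe: count the container once.
        container = match.group("path").split("/", 1)[0]
        buckets[classify(container)][container].add(match.group("name"))
    return {bucket: dict(files) for bucket, files in buckets.items()}


if __name__ == "__main__":
    for bucket, files in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket}: {len(files)} file(s)")
        for path, names in sorted(files.items()):
            print(f"  {path}  [{', '.join(sorted(names))}]")
```

On the excerpt, the "live-file" bucket holds the three C:\WINDOWS paths that also appear in the Killbox list in post #13.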

#14
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
IMPORTANT!: I see that you do not have an antivirus running or a firewall. If I may say this without being rude, with the net as it is these days it is quite foolish to be without an antivirus and a firewall. By all means get both ASAP! See this thread for some good free ones.
  • 0

#15
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
What's the status here?
  • 0





