
HJT Analysis for what looks like the win32.mt.rs virus






madashell



Joined: 18 Jul 2006
Posts: 8

Post subject: HJT Analysis for what looks like the win32.mt.rs virus

Got this from a Registry Cleaner... it does about 3 different types of popups telling me I'm infected, & to click to download software to remove it. It's also made my whole system somewhat buggy...

Good luck with the analysis. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:01:04 AM, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
C:\Documents and Settings\bac\My Documents\Downloads\AAA-PC Utilities\MalwareFixFiles\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285c1b2744923879db06/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129614108990
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8D380D-34D9-4BF5-888D-371C60D59E9E}: NameServer = 203.2.75.132,198.142.0.51
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Tue Jul 18, 2006 1:46 am
 
HJT Analyzer



Joined: 15 Mar 2006
Posts: 636

Post subject: My HijackThis log

Hello, visitor!

The HijackThis log analyzer has analyzed your log. Please take a closer look at the results.

Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.

1. Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. Use HijackThis to fix the following entries:

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

3. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285c1b2744923879db06/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129614108990
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8D380D-34D9-4BF5-888D-371C60D59E9E}: NameServer = 203.2.75.132,198.142.0.51
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\mysql\bin\mysqld-nt".exe (file missing)
4. Now restart your system in Safe Mode. This step is very important!
5. Use the Pocket KillBox utility to delete the following files:

C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe

After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer!
Tue Jul 18, 2006 1:46 am
 
madashell



Joined: 18 Jul 2006
Posts: 8

Post subject: Still there...

Not sure about the Canon file, so I merely put it in the recycle bin, but used HJT to fix some of the suspicious/unnecessary-looking entries in the log (which weren't many).

This is what I have now:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:10 PM, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bac\My Documents\Downloads\AAA-PC Utilities\MalwareFixFiles\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285c1b2744923879db06/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129614108990
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8D380D-34D9-4BF5-888D-371C60D59E9E}: NameServer = 203.2.75.132,198.142.0.51
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Tue Jul 18, 2006 3:52 am
 
madashell



Joined: 18 Jul 2006
Posts: 8

Post subject: I started a new thread...

See new thread...
Tue Jul 18, 2006 4:00 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, madashell. Welcome to the 2-Spyware.com forums!

Please follow these steps:

1. Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>


2. Download the trial version of ewido anti-spyware. Install the program, update its definitions and run a complete system scan. Remove all the threats the application will find.

3. After you get done, run a new HijackThis scan and post a fresh log here.
Wed Jul 19, 2006 6:47 am
 
madashell



Joined: 18 Jul 2006
Posts: 8

Post subject: Could these be legitimate?

Hi there,

Thank you so much for all of your help!

I was just about to delete these:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>


Before I do, could you let me know one thing?... I develop web sites on my local machine, and I have Apache on my machine as my web server... If I delete these settings, would they stop me from being able to view localhost (which runs on 127.0.0.1) via my web browser?
Wed Jul 19, 2006 12:55 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, madashell.

In such case, please leave these entries intact. Apache might need them.

By the way, malware often creates entries like that, so it's easy to get confused.
Wed Jul 19, 2006 2:40 pm
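The two R1 lines only record where Internet Explorer sends its requests; what is actually bound to 127.0.0.1:7070 on the machine is what tells a local developer tool apart from malware, and the rest of the log can be triaged in the same pass. The Python script below is an added example for this thread, not code from HijackThis, the forum's log analyzer, or anyone in the discussion. It parses the entry lines quoted from the first log above and flags the loopback proxy, ActiveX (O16) downloads from hosts outside an assumed vendor allowlist, O23 services with a mis-quoted or missing binary path, and the O17 DNS servers; the allowlist and the severity labels are assumptions made for the example.

```python
"""Rule-based triage of HijackThis 1.99.x log entries.

Added example for this thread; it is not part of HijackThis or of the
forum's log analyzer.  It parses the R*/O* entry lines and applies the
checks a responder does by hand on a log like the one above: a browser
proxy pointing at the loopback address, ActiveX (O16) downloads from
hosts outside an allowlist, services (O23) whose binary path is mangled
or missing, and the DNS servers configured in O17.  The allowlist of
download hosts is an assumption made for the example.
"""
import re
from urllib.parse import urlparse

# Entry lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129614108990
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8D380D-34D9-4BF5-888D-371C60D59E9E}: NameServer = 203.2.75.132,198.142.0.51
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# 'http=127.0.0.1:7070;https=proxy.corp:8080' or a bare 'host:port'
PROXY_RE = re.compile(r"(?:(?P<scheme>\w+)=)?(?P<host>[^:;=\s]+):(?P<port>\d+)")
URL_RE = re.compile(r"https?://\S+")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}
# Assumed allowlist of vendors expected to serve ActiveX controls (O16).
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com", "security.symantec.com", "toolbar.google.com",
    "software-dl.real.com", "a1540.g.akamai.net",
}


def parse_entries(log_text):
    """Yield (kind, body) for each HJT entry line; the process list etc. are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def proxy_endpoints(value):
    """Split a ProxyServer value into (host, port) pairs."""
    return [(m.group("host"), int(m.group("port"))) for m in PROXY_RE.finditer(value)]


def _finding(level, kind, reason):
    return {"level": level, "kind": kind, "reason": reason}


def triage(log_text):
    """Return findings as dicts with level ('check' | 'review' | 'info'), kind, reason."""
    findings = []
    for kind, body in parse_entries(log_text):
        if kind == "R0" and "Start Page" in body:
            findings.append(_finding("info", kind, "start page is " + body.split(" = ", 1)[1]))
        elif kind == "R1" and "ProxyServer" in body:
            for host, port in proxy_endpoints(body.split(" = ", 1)[1]):
                if host in LOOPBACK_HOSTS:
                    # The entry only says where IE sends requests; the owner of the
                    # listening socket decides whether it is a local tool or malware.
                    findings.append(_finding("check", kind,
                        f"browser traffic goes through a local proxy on {host}:{port}; "
                        f"identify the listener first (netstat -ano | findstr :{port})"))
                else:
                    findings.append(_finding("review", kind, f"browser proxy set to {host}:{port}"))
        elif kind == "O16":
            m = URL_RE.search(body)
            host = urlparse(m.group(0)).hostname if m else None
            if host and host not in TRUSTED_DPF_HOSTS:
                findings.append(_finding("review", kind, f"ActiveX control fetched from {host}"))
        elif kind == "O17":
            findings.append(_finding("info", kind, "DNS servers: " + ", ".join(IP_RE.findall(body))))
        elif kind == "O23":
            path = body.rsplit(" - ", 1)[-1]
            # An odd number of quotes means the ImagePath is mis-quoted, which is also
            # why HJT reports the binary as missing even though the service is running.
            if "(file missing)" in path or path.count('"') % 2 == 1:
                findings.append(_finding("review", kind, "service binary path mis-quoted or missing: " + path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['level']:6}] {f['kind']}: {f['reason']}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved HJT log. The 'check' result on the proxy is deliberately not a verdict: on the affected machine, netstat -ano shows the PID bound to port 7070 and tasklist /FI "PID eq <pid>" names the executable behind it, and if nothing is listening the entry is a leftover. The ProxyServer value is a client-side setting read by the browser, separate from whatever port Apache itself listens on, so the question to answer is what is serving on 7070.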
 
madashell



Joined: 18 Jul 2006
Posts: 8

Post subject: Looks like Ewido picked it up! Thank you!

Thank you very much for all of your help! Amazing!

I didn't fix those 2 other keys in HijackThis, but I did download Ewido and gave it a burl... it found 169 infections, 3 of them critical trojans, which I am hoping fixes the issue once and for all! (Spybot missed them all...). Here's the Ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:47:58 AM 20/07/2006

+ Scan result:



C:\Program Files\Fox Magic\Mr. Captor 3.32\ghook.dll -> Adware.DigitalNames : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iifca.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\Cache\71F545FEd01 -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\Cache\B23E4567d01 -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\bac\My Documents\Downloads\AAA-PC Utilities\Registry Cleaners\max_registry_cleaner_keygen.exe -> Dropper.Agent.arv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
:mozilla.282:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.338:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.340:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.576:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.691:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.244:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.245:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.819:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.742:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.743:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.744:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.258:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.259:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.165:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.325:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.328:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.329:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.753:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.354:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.355:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.193:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.194:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.129:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.371:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.372:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.373:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.296:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.297:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.298:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.299:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.300:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.876:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.877:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.88:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.96:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.97:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.98:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.426:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.476:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.823:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.824:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.825:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.826:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.827:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.828:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.571:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.572:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.610:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.252:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.253:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.254:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.255:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.620:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.621:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.172:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.173:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.174:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.180:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.181:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.182:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.183:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.184:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.185:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.186:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.187:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.188:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.189:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.190:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.626:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.11:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.12:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.13:C:\Documents and Settings\bac\Application Data\Mozilla\Profiles\default\ame025pu.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.166:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.167:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.168:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.169:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.170:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.171:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.652:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.655:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.656:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.657:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.658:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.659:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.660:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.661:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.662:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.663:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.664:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.665:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.666:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.667:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.668:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.669:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.670:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.671:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.672:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.673:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.674:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.675:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.676:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.677:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.678:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.679:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.680:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.681:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.682:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.683:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.692:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.693:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.699:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.700:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.750:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.751:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.752:C:\Documents and Settings\bac\Application Data\Mozilla\Firefox\Profiles\x8s9g23l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
Wed Jul 19, 2006 4:54 pm
madashell
Joined: 18 Jul 2006
Posts: 8

Post subject: Whoa - not so fast...


Adaware: Virtumonde

windows\system32\iifca.dll

At least I know it's there! I'll try to delete it from within safe mode - let me know if you have any suggestions on that one!
Wed Jul 19, 2006 5:19 pm
madashell
Joined: 18 Jul 2006
Posts: 8

Post subject: Still there...

It's still there I'm afraid...

I've tried going in to safe mode and deleting iifca.dll with KillBox but it couldn't delete it.

I tried using Vundofix, but it found nothing.

I ran CCleaner, and it couldn't get rid of it...

If anyone has any ideas on removing iifca.dll, please help!

Here's my current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:17:13 PM, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\bac\My Documents\Downloads\AAA-PC Utilities\MalwareFixFiles\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285c1b2744923879db06/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129614108990
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8D380D-34D9-4BF5-888D-371C60D59E9E}: NameServer = 203.2.75.132,198.142.0.51
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Thu Jul 20, 2006 7:17 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, madashell.

Please do this:

1. Download the VundoFix.exe tool.

2. Download Pocket KillBox or KillBox utility.

3. Use VundoFix.exe to remove the infection. VundoFix.exe official usage instructions:
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.

4. Then use either Pocket KillBox or KillBox to delete the following file:
C:\WINDOWS\system32\components\flx5.dll

Also, delete the following directory:
C:\WINDOWS\system32\components
Thu Jul 20, 2006 12:38 pm
 
madashell



Joined: 18 Jul 2006
Posts: 8

Post subject: Still in big trouble...

Hi GTO, I did all of those steps, but VundoFix found nothing to delete (though I did do both things in step 4). Ewido was going crazy with infection notifications for Virtumundo, and I decided to give Prevx1 a go (let me know if that was a bad move). It finds many infections and removes them, but when I scan again, something new is in its place.

There must be something somewhere in my pc that's taking viruses & installing them as fast as I can delete them...

Here's my HJT log now:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:25 AM, on 23/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\bac\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon Camera\Picture Project\NkbMonitor.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285c1b2744923879db06/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.57-deleon/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129614108990
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8D380D-34D9-4BF5-888D-371C60D59E9E}: NameServer = 203.2.75.132,198.142.0.51
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

---------------------------------------------------------------------------------------------------------------------------------------
Can you please let me know if you have any ideas on this one? Thanks for taking the time!
Sat Jul 22, 2006 2:46 pm
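As an added triage helper (not part of this thread and not a HijackThis or 2-spyware tool), the following Python parses the R1, O4 and O23 line shapes that appear in the logs above and flags the entries a log helper usually checks first: a proxy pointing at the loopback address, Run entries that give only a bare file name, and services reported as "(file missing)". The sample lines are constructed from the shapes in the log, not a complete log.

```python
"""Triage helper for HijackThis 1.99 log lines (added example, not a tool from
this thread). Parses the R1, O4 and O23 line shapes and returns the entries a
log helper usually checks first."""
import re
from typing import List, Tuple

# Constructed sample: line shapes taken from the log above, not a full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatels.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (?P<value>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for lines that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    for line in log.splitlines():
        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m["value"]):
            # A loopback proxy means a local process sits between the browser and
            # the network; identify what listens on that port before removing it.
            findings.append(("loopback-proxy", m["value"]))
            continue
        m = RUN_RE.match(line)
        if m and "\\" not in m["cmd"]:
            # Bare file name: Windows resolves it through the search path, so
            # locate the binary actually loaded before judging the entry.
            findings.append(("run-bare-filename", f'{m["name"]}: {m["cmd"]}'))
            continue
        m = SERVICE_RE.match(line)
        if m and m["path"].endswith("(file missing)"):
            if '" ' in m["path"]:
                # A stray quote followed by arguments is how HJT 1.99 prints a
                # quoted ImagePath with parameters; the binary often exists, so
                # confirm on disk rather than treating this as a missing file.
                findings.append(("service-quote-parse", m["name"]))
            else:
                findings.append(("service-file-missing", m["name"]))
    return findings
```

Feed it the full text of a log with triage(open(path).read()); the Apache and MySQL41 services in the logs above fall into the quote-parse category, which is why they are worth verifying on disk before anything is deleted.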
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, madashell.

Please try this:

1. Download the smitRem tool and unpack its files to a chosen folder.

2. Restart your system in Safe Mode. This step is very important!

3. Once in Safe Mode, run the smitRem tool by executing the RunThis.bat file. The smitRem tutorial can be found here.

4. After you get done, restart your computer, run a new HijackThis scan and post a fresh log here.


If the above steps do not work, you will have to download the SmitFraudFix tool, restart your system in Safe Mode and run a scan. The SmitFraudFix guide can be found on the official web site.
Tue Jul 25, 2006 11:30 am
 