
Please check my logs.. Pop ups driving me insane!

Discussion in 'Virus & Other Malware Removal' started by ianeb, Jul 29, 2006.

  1. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    Can somebody please help me! I have done all I can and seem to be hitting a brick wall in these forums. I have already posted in 2 other forums and no one has replied; am I doing something wrong? I am asking nicely! These pop-ups are driving me mad. I have followed other instructions but to no avail, plus my HJT log isn't the same as others, so the help on other threads is personal to that person..... Please, I would be eternally grateful for assistance!!
    I worked through a fix on another site using BFU and AFT cleaner and SUPERAntiSpyware, but even after I had done it all I still had WINANTIVIRUS pop-ups immediately after. I have also had several Trojan warnings from my AVG Virus program over the last few days.

    I would be VERY grateful if someone could assist me.

    HiJack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 09:30:29, on 29/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Windows Defender\MsMpEng.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\WINDOWS\System32\GEARSec.exe
    E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\WINDOWS\system32\Rundll32.exe
    E:\Program Files\Windows Defender\MSASCui.exe
    E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    E:\Program Files\Netropa\Onscreen Display\OSD.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\WINDOWS\system32\msiexec.exe
    E:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Norton Ghost 9.0] E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195606421
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://E:\Program Files\OpenCube\Visual Infinite Menus\comdlg32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67CD023-18D2-48C5-8D7E-6E0A9A7EDE5F}: NameServer = 212.74.112.67,212.74.112.68
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

    Would you believe it! The moment I opened HijackThis, the WinAntiVirus pop-ups appeared! Crazy.

    Please let me know if any other information is required and I will be happy to assist.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    what other forums have you posted in

    please post links so I can see what has already been done so we don't duplicate it and inform them that you have moved here

    then

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    then

    • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Doubleclick WinPFind.exe
    • Click " Configure Scan Options"
    • Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
    • Now Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post! It will be too big to post so you will need to attach it to your reply
     
  3. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    Hi thanks for the reply.

    http://www.bullguard.com/forum/8/Project1--winantivirus-pop-ups_33294.html

    That is the link for the instructions I followed. I haven't had any other help, although I have looked through many forums but had no luck.....

    I have done what you asked and here is the report from combofix:

    Start Time= 29/07/2006 15:52:44.00
    Running from: E:\Program Files\Mozilla Firefox

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-07-28 22:23:14 ( .D... ) "E:\Program Files\OpenCube"
    2006-07-28 21:23:56 ( .D... ) "E:\Program Files\The Logo Creator v5"
    2006-07-28 19:23:00 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\SUPERAntiSpyware.com"
    2006-07-28 18:39:00 ( .D... ) "E:\Program Files\Netropa"
    2006-07-22 21:19:54 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Alien Skin"
    2006-07-22 15:24:22 ( .D... ) "E:\Program Files\TuneSleeve"
    2006-07-22 13:27:54 ( .D... ) "E:\Program Files\Macromedia"
    2006-07-22 13:27:54 ( .D... ) "E:\Program Files\Common Files\Macromedia"
    2006-07-14 19:50:36 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Nvu"
    2006-07-07 20:20:18 ( .D... ) "E:\Program Files\K-litePro"
    2006-07-05 20:26:56 ( .D... ) "E:\Program Files\Spybot - Search & Destroy"
    2006-07-05 20:12:32 ( .D... ) "E:\Program Files\Trojan Remover"
    2006-07-05 19:36:54 ( .D... ) "E:\Program Files\Sports Interactive"
    2006-07-03 19:06:36 569396 ( ..SH. ) "E:\WINDOWS\system32\sstqq.dll"
    2006-07-01 23:58:54 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Kazaa Lite"
    2006-07-01 23:22:48 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\.ABC"
    2006-07-01 22:27:36 39437 ( ..SH. ) "E:\WINDOWS\system32\efcyxya.dll"
    2006-07-01 14:30:14 ( .D... ) "E:\Program Files\QuickTime"
    2006-07-01 14:29:38 ( .D... ) "E:\Program Files\iTunes"
    2006-07-01 14:29:38 ( .D... ) "E:\Program Files\iPod"
    2006-06-25 20:05:54 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Yahoo!"
    2006-06-25 20:04:30 ( .D... ) "E:\Program Files\Yahoo!"
    2006-06-19 20:53:04 ( .D... ) "E:\Program Files\MSN Messenger"
    2006-06-12 20:10:20 ( .D... ) "E:\Program Files\Common Files\xing shared"
    2006-06-12 20:10:14 176167 ( A.... ) "E:\WINDOWS\system32\rmoc3260.dll"
    2006-06-12 20:10:08 6656 ( A.... ) "E:\WINDOWS\system32\pndx5016.dll"
    2006-06-12 20:10:08 5632 ( A.... ) "E:\WINDOWS\system32\pndx5032.dll"
    2006-06-12 20:10:06 278528 ( A.... ) "E:\WINDOWS\system32\pncrt.dll"
    2006-06-12 20:10:04 ( .D... ) "E:\Program Files\Common Files\Real"
    2006-06-12 20:10:02 ( .D... ) "E:\Program Files\Real"
    2006-06-12 20:09:34 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Real"
    2006-06-09 21:40:44 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Lavasoft"
    2006-05-29 13:27:04 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Adobe"
    2006-05-29 13:25:32 ( .D... ) "E:\Program Files\Common Files\Adobe"
    2006-05-29 13:25:32 ( .D... ) "E:\Program Files\Adobe"
    2006-05-29 13:24:08 109568 ( ..... ) "E:\WINDOWS\system32\pxinsi64.exe"
    2006-05-29 13:24:08 108544 ( ..... ) "E:\WINDOWS\system32\pxcpyi64.exe"
    2006-05-29 13:15:12 ( .D... ) "E:\Program Files\BitLord"
    2006-05-23 17:25:52 402736 ( A.... ) "E:\WINDOWS\system32\WgaLogon.dll"
    2006-05-21 20:52:18 354 ( A.... ) "E:\Documents and Settings\Ian Bleach\Application Data\AutoGK.ini"
    2006-05-21 12:09:06 43668 ( A.... ) "E:\WINDOWS\system32\xvid-uninstall.exe"
    2006-05-19 21:34:44 131072 ( A.... ) "E:\WINDOWS\system32\SpoonUninstall.exe"
    2006-05-19 13:59:42 148480 ( A.... ) "E:\WINDOWS\system32\dnsapi.dll"
    2006-05-19 13:59:42 111616 ( A.... ) "E:\WINDOWS\system32\dhcpcsvc.dll"
    2006-05-19 13:59:42 94720 ( A.... ) "E:\WINDOWS\system32\iphlpapi.dll"
    2006-05-13 19:06:04 107132 ( A.... ) "E:\WINDOWS\UninstallFirefox.exe"
    2006-05-10 18:27:00 499712 ( A.... ) "E:\WINDOWS\system32\msvcp71.dll"
    2006-05-10 18:27:00 348160 ( A.... ) "E:\WINDOWS\system32\msvcr71.dll"
    2006-05-10 06:45:06 62 ( A.SH. ) "E:\Documents and Settings\Ian Bleach\Application Data\desktop.ini"
    2006-05-09 22:36:46 6656 ( A.... ) "E:\WINDOWS\system32\WdfMgr.exe"
    2006-05-09 22:36:46 6656 ( A.... ) "E:\WINDOWS\system32\uWDF.exe"
    2006-05-09 22:26:34 1280000 ( A.... ) "E:\WINDOWS\system32\WMSPDMOE.dll"
    2006-05-09 22:26:34 1063424 ( A.... ) "E:\WINDOWS\system32\WMADMOE.dll"
    2006-05-09 22:26:34 992256 ( A.... ) "E:\WINDOWS\system32\WMNetMgr.dll"
    2006-05-09 22:26:34 705024 ( A.... ) "E:\WINDOWS\system32\WMADMOD.dll"
    2006-05-09 22:26:34 564736 ( A.... ) "E:\WINDOWS\system32\WMSPDMOD.dll"
    2006-05-09 22:26:34 417280 ( A.... ) "E:\WINDOWS\system32\wmdrmdev.dll"
    2006-05-09 22:26:34 337408 ( A.... ) "E:\WINDOWS\system32\wmdrmnet.dll"
    2006-05-09 22:26:34 306688 ( A.... ) "E:\WINDOWS\system32\mswmdm.dll"
    2006-05-09 22:26:34 221696 ( A.... ) "E:\WINDOWS\system32\wmasf.dll"
    2006-05-09 22:26:34 219648 ( A.... ) "E:\WINDOWS\system32\CEWMDM.dll"
    2006-05-09 22:26:34 212480 ( A.... ) "E:\WINDOWS\system32\msnetobj.dll"
    2006-05-09 22:26:34 201728 ( A.... ) "E:\WINDOWS\system32\qasf.dll"
    2006-05-09 22:26:34 165376 ( A.... ) "E:\WINDOWS\system32\mspmsp.dll"
    2006-05-09 22:26:34 155136 ( A.... ) "E:\WINDOWS\system32\wmidx.dll"
    2006-05-09 22:26:34 36864 ( A.... ) "E:\WINDOWS\system32\wmdmps.dll"
    2006-05-09 22:26:34 31744 ( A.... ) "E:\WINDOWS\system32\wmdmlog.dll"
    2006-05-09 22:26:34 26112 ( A.... ) "E:\WINDOWS\system32\MsPMSNSv.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmvdmoe2.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmvdmod.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\WMVADVE.DLL"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\WMVADVD.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmsdmoe2.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmsdmod.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wdfApi.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\MPG4DMOD.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\MP4SDMOD.dll"
    2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\MP43DMOD.dll"
    2006-05-09 22:26:32 9728 ( A.... ) "E:\WINDOWS\system32\LAPRXY.dll"
    2006-05-09 22:22:32 2463744 ( A.... ) "E:\WINDOWS\system32\wmvcore.dll"
    2006-05-09 21:02:02 84480 ( A.... ) "E:\WINDOWS\system32\logagent.exe"
    2006-05-09 21:01:06 1463808 ( ..... ) "E:\WINDOWS\system32\WMVDECOD.dll"
    2006-05-09 21:01:06 1359360 ( ..... ) "E:\WINDOWS\system32\WMVSDECD.dll"
    2006-05-09 21:00:58 1455616 ( ..... ) "E:\WINDOWS\system32\WMVENCOD.dll"
    2006-05-09 21:00:58 770560 ( ..... ) "E:\WINDOWS\system32\WMVSENCD.dll"
    2006-05-09 21:00:58 299520 ( ..... ) "E:\WINDOWS\system32\MP4SDECD.dll"
    2006-05-09 21:00:58 241152 ( ..... ) "E:\WINDOWS\system32\MPG4DECD.dll"
    2006-05-09 21:00:56 636928 ( ..... ) "E:\WINDOWS\system32\WMVXENCD.dll"
    2006-05-09 21:00:56 241152 ( ..... ) "E:\WINDOWS\system32\MP43DECD.dll"
    2006-05-09 21:00:08 382976 ( ..... ) "E:\WINDOWS\system32\MFPLAT.dll"
    2006-05-09 21:00:02 1350656 ( A.... ) "E:\WINDOWS\system32\drmv2clt.dll"
    2006-05-09 20:59:34 513536 ( ..... ) "E:\WINDOWS\system32\wmdrmsdk.dll"
    2006-05-09 20:59:20 417280 ( A.... ) "E:\WINDOWS\system32\MSSCP.dll"
    2006-05-09 20:59:18 229376 ( ..... ) "E:\WINDOWS\system32\drmupgds.exe"
    2006-05-09 20:59:14 585216 ( A.... ) "E:\WINDOWS\system32\blackbox.dll"
    2006-05-09 20:58:50 670208 ( A.... ) "E:\WINDOWS\system32\wpd_ci.dll"
    2006-05-09 20:58:50 103424 ( ..... ) "E:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
    2006-05-09 20:58:48 345600 ( ..... ) "E:\WINDOWS\system32\PortableDeviceApi.dll"
    2006-05-09 20:58:48 188928 ( ..... ) "E:\WINDOWS\system32\PortableDeviceWMDRM.dll"
    2006-05-09 20:58:48 101376 ( ..... ) "E:\WINDOWS\system32\PortableDeviceClassExtension.dll"
    2006-05-09 20:58:46 343552 ( A.... ) "E:\WINDOWS\system32\WPDSp.dll"
    2006-05-09 20:58:40 144896 ( A.... ) "E:\WINDOWS\system32\wpdmtp.dll"
    2006-05-09 20:58:40 55808 ( A.... ) "E:\WINDOWS\system32\wpdmtpus.dll"
    2006-05-09 20:58:40 35840 ( A.... ) "E:\WINDOWS\system32\wpdconns.dll"
    2006-05-09 20:58:38 168960 ( ..... ) "E:\WINDOWS\system32\PortableDeviceTypes.dll"
    2006-05-09 20:58:38 13312 ( A.... ) "E:\WINDOWS\system32\wpdtrace.dll"
    2006-05-09 20:57:06 11264 ( ..... ) "E:\WINDOWS\system32\ehETW.dll"


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-07-28 21:24 90,112 E:\WINDOWS\unvise32.exe
    2006-07-28 19:21 1,073,008,640 E:\hiberfil.sys
    2006-07-28 18:38 98,304 E:\WINDOWS\system32\msikbd.dll
    2006-07-28 18:38 28,672 E:\WINDOWS\system32\msiosd32.dll
    2006-07-05 20:12 75,264 E:\WINDOWS\system32\unacev2.dll
    2006-07-05 20:12 3,440 E:\WINDOWS\undo.reg
    2006-07-05 20:12 153,088 E:\WINDOWS\system32\UNRAR3.dll
    2006-07-03 19:06 569,396 E:\WINDOWS\system32\sstqq.dll
    2006-07-01 22:44 78,488 E:\WINDOWS\system32\XMD5.dll
    2006-07-01 22:44 101,888 E:\WINDOWS\system32\vb6stkit.dll
    2006-07-01 22:27 39,437 E:\WINDOWS\system32\efcyxya.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "P17Helper"="Rundll32 P17.dll,P17Helper"
    "Windows Defender"="\"E:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    @=""
    "Norton Ghost 9.0"="E:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "TrojanScanner"="E:\\Program Files\\Trojan Remover\\Trjscan.exe"
    "TkBellExe"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "MULTIMEDIA KEYBOARD"="E:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Ian Bleach^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
    "path"="E:\\Documents and Settings\\Ian Bleach\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
    "backup"="E:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
    "location"="Startup"
    "command"="E:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
    "item"="OpenOffice.org 2.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"E:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ALi5289"
    "hkey"="HKLM"
    "command"="E:\\Program Files\\ULI5289\\ALi5289.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="E_S4I0F2"
    "hkey"="HKLM"
    "command"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LocationFinder"
    "hkey"="HKCU"
    "command"="\"E:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"E:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MtdAcq"
    "hkey"="HKCU"
    "command"="E:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpywareBot"
    "hkey"="HKLM"
    "command"="E:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tunebite"
    "hkey"="HKCU"
    "command"="E:\\Program Files\\tunebite\\tunebite.exe -hidden"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YAHOOM~1"
    "hkey"="HKCU"
    "command"="\"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "inimapping"="0"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


    Contents of the 'Scheduled Tasks' folder
    E:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 29/07/2006 15:53:01.70
    ComboFix ver 06.07.15/28 - This logfile is located at E:\ComboFix.txt

    I have also attached the other log you requested (I hope).

    Hope I haven't missed anything. Thanks for the reply, I look forward to hearing from you soon.

    Regards
    Ian
     


  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Put a check next to Run VundoFix as a task.
    • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once the scan is complete, right-click inside the listbox (white box) and click Add More Files.
    • Copy & paste the 2 entries below into the top 2 boxes:
      E:\WINDOWS\system32\sstqq.dll
      C:\WINDOWS\system32\qqtss.*
    • Click Add Files and click Close Window.
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shut down your computer; click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HijackThis log.
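As an added example (not code from the thread, ComboFix or VundoFix), here is a Python triage pass over the Find3M listing posted above: it parses each line, flags files under system32 that carry both the System and Hidden attributes (which picks out sstqq.dll and the similarly attributed efcyxya.dll as candidates for review), and derives the reversed-name companion glob that the VundoFix instructions list (sstqq.dll -> qqtss.*) from the flagged path's own drive letter rather than assuming C:. The sample lines and the attribute-position mapping are assumptions taken from the lines quoted in this thread.

```python
"""Triage a ComboFix "Find3M" listing for Vundo-style DLL drops.

Added example, not ComboFix's or the forum helper's code. Each Find3M line
carries a timestamp, an optional size, five attribute flags in parentheses
and a quoted path, e.g. (from the thread):

    2006-07-03 19:06:36 569396 ( ..SH. ) "E:\\WINDOWS\\system32\\sstqq.dll"
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed mapping of the five flag positions: Archive, Directory, System,
# Hidden, Read-only. Only D, S and H are used, and those three agree with
# every line quoted in the thread (.D... directories, ..SH. hidden system files).
FLAG_POS = {"A": 0, "D": 1, "S": 2, "H": 3, "R": 4}

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+'
    r'(?:(?P<size>\d+)\s+)?'
    r'\(\s*(?P<flags>[A-Z.]{5})\s*\)\s+'
    r'"(?P<path>[^"]+)"\s*$'
)

# Constructed sample: a handful of lines copied from the report above plus the
# section banner, so the parser has noise to skip. Not a fresh capture.
FIND3M_SAMPLE = r"""
(((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))
2006-07-28 22:23:14 ( .D... ) "E:\Program Files\OpenCube"
2006-07-03 19:06:36 569396 ( ..SH. ) "E:\WINDOWS\system32\sstqq.dll"
2006-07-01 22:27:36 39437 ( ..SH. ) "E:\WINDOWS\system32\efcyxya.dll"
2006-06-12 20:10:14 176167 ( A.... ) "E:\WINDOWS\system32\rmoc3260.dll"
2006-05-23 17:25:52 402736 ( A.... ) "E:\WINDOWS\system32\WgaLogon.dll"
2006-05-10 06:45:06 62 ( A.SH. ) "E:\Documents and Settings\Ian Bleach\Application Data\desktop.ini"
"""


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]   # directories have no size in Find3M output
    flags: str
    path: str

    def has(self, flag: str) -> bool:
        return self.flags[FLAG_POS[flag]] != "."


def parse_find3m(text: str) -> List[Entry]:
    """Parse every well-formed Find3M line; banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group("size")) if m.group("size") else None
        entries.append(Entry(m.group("ts"), size, m.group("flags"), m.group("path")))
    return entries


def in_system32(path: str) -> bool:
    return "\\windows\\system32\\" in path.lower()


def suspicious_system32(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) under system32 carrying both System and Hidden.

    Genuine system32 binaries rarely carry S+H together, so a DLL or EXE
    there with both set is worth a second look; it is what separates
    sstqq.dll and efcyxya.dll from rmoc3260.dll or WgaLogon.dll above."""
    return [e for e in entries
            if not e.has("D") and e.has("S") and e.has("H") and in_system32(e.path)]


def companion_pattern(path: str) -> str:
    """Reversed-stem glob in the same directory (sstqq.dll -> qqtss.*).

    Built from the flagged path, so the drive letter follows the infected
    system (E: here) instead of an assumed C:."""
    directory, name = ntpath.split(path)
    stem, _ext = ntpath.splitext(name)
    return ntpath.join(directory, stem[::-1] + ".*")


def triage(text: str) -> List[Dict[str, object]]:
    """Full pass: parse, filter, and attach the companion glob for each hit."""
    return [{"path": e.path, "size": e.size, "created": e.timestamp,
             "companion": companion_pattern(e.path)}
            for e in suspicious_system32(parse_find3m(text))]


if __name__ == "__main__":
    for hit in triage(FIND3M_SAMPLE):
        print(f'{hit["created"]}  {hit["size"]:>8}  {hit["path"]}  -> also check {hit["companion"]}')
```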
     
  5. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    Hi,

    Thanks for getting back.

    I have a problem. I have downloaded VundoFix and I can run the program fine until I tick Run VundoFix as a task; then it closes, telling me it will restart in a minute or less..... Well, it doesn't restart?

    I tried rebooting and waiting several minutes but still nothing.

    Am I doing something wrong?

    Ian
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    that does occasionally happen

    try moving vundofix to c:\ rather than the desktop & see if it works then

    if not we have an alternative way of dealing with it
     
  7. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    OK, moving it worked, but it didn't go very smoothly. I did as you explained, but the second file beginning C:\ did not add to the list; the one beginning E: did. My main hard drive, where Windows is installed, is E:, so I tried changing the C: to E: but that wouldn't add either.

    So I started it with just the one line added; an error came up, Error 76, something about an invalid path and that VundoFix will attempt to remove the file on reboot. I have rebooted and here are the latest files:

    HJT:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:58:17, on 29/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Windows Defender\MsMpEng.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\WINDOWS\system32\Rundll32.exe
    E:\Program Files\Windows Defender\MSASCui.exe
    E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\WINDOWS\System32\GEARSec.exe
    E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    E:\Program Files\Netropa\Onscreen Display\OSD.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\alg.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Norton Ghost 9.0] E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195606421
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://E:\Program Files\OpenCube\Visual Infinite Menus\comdlg32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67CD023-18D2-48C5-8D7E-6E0A9A7EDE5F}: NameServer = 212.74.112.67,212.74.112.68
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

    Vundo fix:
    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete E:\WINDOWS\system32\sstqq.dll
    E:\WINDOWS\system32\sstqq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Hope this helps.
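An added example, not from this thread or from HijackThis itself: a small Python triage pass over the entry types that appear in the log above. It parses each `Rn`/`Onn` line, then applies the checks a malware helper does by eye: a random-looking DLL loaded from system32 (the Vundo fix log above shows the pattern with sstqq.dll), `Rundll32` loading a DLL by bare name, an O16 ActiveX download from a non-Microsoft host, O17 NameServer overrides, dangling "(file missing)" references, and services with no recorded vendor. The sample lines are copied from the log above except for one constructed O2 line (marked) whose CLSID is a placeholder; the severity labels and host allow-list are my own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed input: lines copied from the HijackThis log in the post above,
# plus ONE made-up O2 line that shows the shape of a Vundo-style BHO entry
# pointing at the sstqq.dll the Vundo fix log could not delete. The all-zero
# CLSID on that line is a placeholder, not a real identifier.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.orange.co.uk/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - E:\\WINDOWS\\system32\\sstqq.dll
O4 - HKLM\\..\\Run: [AVG7_CC] E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - HKLM\\..\\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195606421
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{E67CD023-18D2-48C5-8D7E-6E0A9A7EDE5F}: NameServer = 212.74.112.67,212.74.112.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\\Program Files\\Adobe\\Photoshop Elements 4.0\\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
"""

# Every HijackThis entry starts with a letter + number tag, e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Hosts an O16 (Downloaded Program Files / ActiveX) entry is expected to come from.
# Assumption for this demo; extend for whatever vendors the machine legitimately uses.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")
# A short, all-letters DLL name in system32 with no vendor hint: the shape Vundo
# droppers used (sstqq.dll in the Vundo fix log above).
RANDOM_SYS32_DLL = re.compile(r"\\system32\\([a-z]{4,8})\.dll\b", re.IGNORECASE)


def parse_entries(text):
    """Yield (kind, body) for each HijackThis entry line; skip headers and process lists."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def dpf_host(body):
    """Return the host of the download URL at the end of an O16 body, or None."""
    m = re.search(r"-\s+(https?://\S+)\s*$", body)
    return urlparse(m.group(1)).hostname if m else None


def triage(text):
    """Return (kind, severity, reason) for every entry that needs a second look."""
    findings = []
    for kind, body in parse_entries(text):
        if "(file missing)" in body:
            findings.append((kind, "low", "dangling reference, target file is gone"))
        elif kind in ("O2", "O4", "O20", "O21") and RANDOM_SYS32_DLL.search(body):
            findings.append((kind, "high", "random-looking DLL loaded from system32"))
        elif kind == "O4" and re.search(r"\bRundll32\s+[^\\\s]+\.dll", body, re.I):
            # No path on the DLL: it is resolved through the DLL search order.
            findings.append((kind, "medium", "Rundll32 loads a DLL by bare name"))
        elif kind == "O16":
            host = dpf_host(body) or ""
            if not host.endswith(TRUSTED_DPF_HOSTS):
                findings.append((kind, "medium", f"ActiveX download from third-party host {host}"))
        elif kind == "O17" and "NameServer" in body:
            findings.append((kind, "medium", "custom DNS servers set; confirm they belong to the ISP"))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "info", "service binary has no recorded vendor; check the path"))
    return findings


if __name__ == "__main__":
    for kind, sev, reason in triage(SAMPLE_LOG):
        print(f"{sev:6} {kind:4} {reason}")
```

The O17 rule deliberately cannot decide on its own: the two NameServer addresses are only suspicious if they are not the ISP's resolvers, which has to be checked against what the ISP (here Orange UK) actually hands out.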
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
Sorry, that was my mistake in my copying.

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    When it reboots:

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
     
  9. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    OK, here are the latest logs for you.

    smitfraud:

    SmitFraudFix v2.76

    Scan done at 21:15:08.98, 29/07/2006
    Run from E:\Documents and Settings\Ian Bleach\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» E:\


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

    E:\WINDOWS\system32\ld???.tmp FOUND !
    E:\WINDOWS\system32\ld????.tmp FOUND !
    E:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Ian Bleach\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\IANBLE~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Avenger:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\oyblxqrl

    *******************

    Script file located at: \??\E:\WINDOWS\system32\wdnqcsmi.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at E:\Avenger

    *******************

    Beginning to process script file:

    File E:\WINDOWS\system32\sstqq.dll deleted successfully.
    File E:\WINDOWS\system32\efcyxya.dll deleted successfully.
    File E:\WINDOWS\system32\msikbd.dll deleted successfully.
    File E:\WINDOWS\system32\msiosd32.dll deleted successfully.
    File E:\WINDOWS\system32\qqtss.bak1 deleted successfully.
    File E:\WINDOWS\system32\qqtss.bak2 deleted successfully.
    File E:\WINDOWS\system32\qqtss.ini deleted successfully.
    File E:\WINDOWS\system32\qqtss.ini2 deleted successfully.
    File E:\WINDOWS\system32\qqtss.tmp deleted successfully.


    File E:\WINDOWS\system32\winrkq32.dll not found!
    Deletion of file E:\WINDOWS\system32\winrkq32.dll failed!

    Could not process line:
    E:\WINDOWS\system32\winrkq32.dll
    Status: 0xc0000034

    File E:\WINDOWS\SwSys1.bmp deleted successfully.


    Folder E:\Program Files\SpywareBot not found!
    Deletion of folder E:\Program Files\SpywareBot failed!

    Could not process line:
    E:\Program Files\SpywareBot
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.

    Hope we're getting somewhere! Thanks for all your time, I really appreciate it.

    Ian
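An added example, not from this thread or from The Avenger: a Python parser for the Avenger log format posted above. It separates what was deleted from what failed, translates the `Status:` NTSTATUS code into its name (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so the two "not found!" failures simply mean the file and folder were already gone), and then looks for the Vundo/Virtumonde companion pattern visible in the deleted list: a DLL whose base name is the reverse of the .ini/.bak/.tmp files next to it (sstqq.dll beside qqtss.ini). The sample log is a trimmed copy of the Avenger output above; the NTSTATUS table covers only the three codes I am certain of.

```python
import re
from collections import defaultdict

# Constructed input: the result lines from the Avenger log posted above,
# trimmed to the ones the summary needs.
SAMPLE_AVENGER_LOG = """\
Beginning to process script file:

File E:\\WINDOWS\\system32\\sstqq.dll deleted successfully.
File E:\\WINDOWS\\system32\\efcyxya.dll deleted successfully.
File E:\\WINDOWS\\system32\\qqtss.bak1 deleted successfully.
File E:\\WINDOWS\\system32\\qqtss.ini deleted successfully.
File E:\\WINDOWS\\system32\\qqtss.tmp deleted successfully.

File E:\\WINDOWS\\system32\\winrkq32.dll not found!
Deletion of file E:\\WINDOWS\\system32\\winrkq32.dll failed!

Could not process line:
E:\\WINDOWS\\system32\\winrkq32.dll
Status: 0xc0000034

File E:\\WINDOWS\\SwSys1.bmp deleted successfully.

Folder E:\\Program Files\\SpywareBot not found!
Deletion of folder E:\\Program Files\\SpywareBot failed!

Could not process line:
E:\\Program Files\\SpywareBot
Status: 0xc0000034

Completed script processing.
"""

# NTSTATUS values as defined in the Windows SDK ntstatus.h; only the ones a
# file-deletion tool commonly reports are listed here.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

DELETED_RE = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of (file|folder|key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger(text):
    """Return {'deleted': [path, ...], 'failed': [(path, status_name), ...]}.

    A failure is reported as a 'Deletion of ... failed!' line followed a few
    lines later by 'Status: 0x........'; the two are paired here.
    """
    deleted, failed, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group(2))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(2)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            failed.append((pending, NTSTATUS.get(code, m.group(1))))
            pending = None
    return {"deleted": deleted, "failed": failed}


def vundo_companions(paths):
    """Group files whose base name is the reverse of another file's base name.

    Vundo/Virtumonde dropped a DLL plus .ini/.bak/.tmp files named with the
    DLL's name reversed (sstqq.dll alongside qqtss.ini). Returns a list of
    sorted file-name groups; an empty list means no such pair was found.
    """
    by_stem = defaultdict(set)
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1]
        stem = name.rsplit(".", 1)[0].lower()
        by_stem[stem].add(name)
    groups = []
    for stem in sorted(by_stem):
        rev = stem[::-1]
        # stem < rev keeps each pair once and skips palindromic names.
        if rev in by_stem and stem < rev:
            groups.append(sorted(by_stem[stem] | by_stem[rev]))
    return groups


if __name__ == "__main__":
    result = parse_avenger(SAMPLE_AVENGER_LOG)
    print(f"deleted: {len(result['deleted'])}")
    for path, status in result["failed"]:
        print(f"failed:  {path} ({status})")
    for group in vundo_companions(result["deleted"]):
        print("Vundo-style companion set:", ", ".join(group))
```

Pairing the `Status:` line with the preceding `Deletion of ... failed!` line matters because the `not found!` line alone does not say why; a STATUS_ACCESS_DENIED or STATUS_SHARING_VIOLATION in the same position would mean the file is still present and still loaded, which is a very different outcome.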
     
  10. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    Just to let you know, I have installed Kerio Personal Firewall. I hope this isn't a problem?

    Thanks

    Ian
     
  11. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    Hey DVK01....

    Can you let me know if my system is clean now?

    Ian
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Sorry, I didn't get notification of the replies.


    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

    then

    * Download the Trial/Demo version of Ewido Anti-Spyware. When the trial period expires it becomes freeware with reduced functions but is still worth keeping, or you have the option of buying a licence for the full version.


    EWIDO DOWNLOAD

    * Install ewido.
    * Launch ewido
    * It will prompt you to update; click the OK button and it will go to the main screen.
    * On the top of the main screen click update
    * Click on Start and let it update.
    * Now boot to Safe Mode by following the advice here: http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
    * Now run Ewido:
    * Click on Scanner, then click on the Settings tab; select all options allowed, set "How to act" to "Recommended actions" and set recommended actions to "Quarantine", then set "Automatically generate reports after every scan" and "Only if threats were found".
    * Now press the scan tab. Click the Complete System Scan button to start the scan.
    * When the scan is done you will see a list of infected objects (if any are found). At the bottom of the list, please click on "Recommended action", choose to set all elements to quarantine, and check the box "Perform action with all infections".
    If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop

    Post back with the ewido scan log
     
  13. ianeb

    ianeb Thread Starter

    Joined:
    Jul 29, 2006
    Messages:
    8
    Hi, sorry it took so long; I've been having mega probs with my PC, but we won't go into that now!!

    I have run both programs you asked for, and here are the logs.

    SMITFRAUD.... I ran this twice, thinking the first time I didn't do it correctly, so that's why it shows it hasn't deleted anything, but the first one did...

    SmitFraudFix v2.76

    Scan done at 19:15:34.46, 01/08/2006
    Run from E:\Documents and Settings\Ian Bleach\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Ewido Scan results

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 19:37:11 01/08/2006

    + Scan result:



    E:\avenger\backup.zip/avenger/efcyxya.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    :mozilla.238:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.239:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.213:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.214:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.215:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.216:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.217:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.218:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.219:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.220:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.221:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.222:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.223:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.224:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.225:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.226:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.227:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.228:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.229:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.230:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.231:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.279:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.590:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.631:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.663:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.718:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.883:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.884:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.429:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.871:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.872:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.873:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.874:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.174:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.177:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.148:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.149:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.150:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.60:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.249:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.250:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.490:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.801:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.345:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.843:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    :mozilla.55:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.147:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.520:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.68:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.529:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.170:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.172:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.173:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.175:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.176:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.15:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.265:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.267:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.830:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.831:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.374:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.303:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.304:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.305:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.306:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.315:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.316:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.317:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.343:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.556:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.580:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned.
    :mozilla.360:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.361:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.362:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.896:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.897:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.898:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.899:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.900:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.901:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.902:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.903:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.904:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.905:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.906:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.79:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.909:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.910:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.911:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.320:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.321:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.408:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.409:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.410:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.411:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.643:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.644:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.645:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.646:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.647:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.666:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.390:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.391:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.392:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.393:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.394:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.859:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.926:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.927:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.928:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.929:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.930:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.694:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.111:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.112:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.113:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.114:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.115:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.116:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.117:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.118:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.119:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.120:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.121:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.122:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.123:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.124:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.125:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.126:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.56:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.57:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.59:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.61:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.62:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.334:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.335:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.336:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.248:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.257:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.258:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.412:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.635:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.636:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.739:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.276:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.277:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.278:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.760:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.761:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.759:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
    :mozilla.273:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.785:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.799:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.800:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.792:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.793:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    Hope we are there!! Hats off to you for knowing all this stuff... I guess I should learn seeing as I want to work in security..!

    Thanks
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    It should be ok now.

    Turn off System Restore by following the instructions here:
    http://www.thespykiller.co.uk/forum/index.php?page=8
    That will purge the restore folder and clear any malware that has been put in there. Then reboot, re-enable System Restore, and create a new restore point.

    Go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

    And pay an urgent visit to Windows Update, make sure you are fully updated, and get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place.

    Go to www.java.com and download the latest version of Java, 1.5.0.7.

    Install it, then go to Add/Remove Programs and UNINSTALL ALL previous versions of Sun Java.
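One way to check the "uninstall all previous versions" step rather than eyeballing Add/Remove Programs, as an added example that is not code from this thread or from any tool mentioned in it: a Python script that reads the per-program entries under the Windows Uninstall registry keys and lists every Sun Java runtime older than the newest one installed (or older than the 1.5.0_07 release named above, whichever is newer). The registry paths and the DisplayName layouts it parses ("J2SE Runtime Environment 5.0 Update 7", "Java(TM) 6 Update 10", "Java 2 Runtime Environment, SE v1.4.2_03") are my assumptions about the Sun installers of that era; the sample entries are constructed, and on a non-Windows host the script just runs against them.

```python
"""Audit installed Sun Java runtimes via the Windows Uninstall registry keys.

Added example, not code from the thread or from any tool it mentions.
Assumptions: the Uninstall key paths below and the DisplayName formats that
Sun's installers used around 2006.
"""
import re
from typing import List, Optional, Sequence, Tuple

try:
    import winreg  # Windows only; the version logic below runs anywhere
except ImportError:
    winreg = None

# Assumed registry locations of per-program uninstall entries (32- and 64-bit views).
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)

Version = Tuple[int, int, int]  # (family, minor, update), e.g. 1.5.0_07 -> (5, 0, 7)

# Release named in the post above.
LATEST_KNOWN: Version = (5, 0, 7)

# Assumed DisplayName layouts. The 1.4.x style is tried first because it also
# begins with the word "Java" and would otherwise be mis-read as "Java 2".
_OLD_STYLE = re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)(?:_(\d+))?")
_NEW_STYLE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)|Java)\s+(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?\b"
)


def parse_java_version(display_name: str) -> Optional[Version]:
    """Map a Sun JRE DisplayName to (family, minor, update); None if it is not a JRE."""
    m = _OLD_STYLE.match(display_name)
    if m:
        return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    m = _NEW_STYLE.match(display_name)
    if m:
        return int(m.group(1)), 0, int(m.group(2) or 0)
    return None


def find_stale_java(entries: Sequence[Tuple[str, str]],
                    latest: Version = LATEST_KNOWN) -> List[str]:
    """DisplayNames of JREs older than the newest installed one or `latest`, oldest first.

    `entries` are (DisplayName, DisplayVersion) pairs; non-Java entries are ignored.
    """
    found = []
    for name, _display_version in entries:
        version = parse_java_version(name)
        if version is not None:
            found.append((version, name))
    if not found:
        return []
    newest = max(latest, max(version for version, _ in found))
    return [name for version, name in sorted(found) if version < newest]


def read_uninstall_entries() -> List[Tuple[str, str]]:
    """Collect (DisplayName, DisplayVersion) from the registry; empty list off Windows."""
    entries: List[Tuple[str, str]] = []
    if winreg is None:
        return entries
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue  # key absent (e.g. no Wow6432Node on 32-bit XP)
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(root, sub) as key:
                        name, _ = winreg.QueryValueEx(key, "DisplayName")
                        try:
                            version, _ = winreg.QueryValueEx(key, "DisplayVersion")
                        except OSError:
                            version = ""
                        entries.append((str(name), str(version)))
                except OSError:
                    continue  # entry without a DisplayName; not user-visible anyway
    return entries


# Constructed sample: a machine that installed 5.0u7 but kept two older runtimes.
SAMPLE_ENTRIES = [
    ("J2SE Runtime Environment 5.0 Update 7", "1.5.0.70"),
    ("J2SE Runtime Environment 5.0 Update 4", "1.5.0.40"),
    ("Java 2 Runtime Environment, SE v1.4.2_03", "1.4.2_03"),
    ("Example Non-Java Program", "1.0"),
]

if __name__ == "__main__":
    installed = read_uninstall_entries() or SAMPLE_ENTRIES
    for stale in find_stale_java(installed):
        print("uninstall:", stale)
```

Older runtimes stay registered with the browser even after a newer one is installed, which is why the post insists on removing them; the script only reports, leaving the actual uninstall to Add/Remove Programs.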
     
Short URL to this thread: https://techguy.org/487424
