Please check my logs.. Pop ups driving me insane!


ianeb

Thread Starter
Joined
Jul 29, 2006
Messages
8
Can somebody please help me! I have done all I can and seem to be hitting a brick wall in these forums. I have already posted in 2 other forums and no one has replied; am I doing something wrong? I am asking nicely! These pop ups are driving me mad. I have followed other instructions but to no avail, plus my HJT log isn't the same as others, so the help on other threads is personal to that person..... Please, I would be eternally grateful for assistance!!
I worked through a fix on another site using BFU, ATF Cleaner and SUPERAntiSpyware, but even after I had done it all I still had WinAntiVirus pop ups immediately after. I have also had several Trojan warnings from my AVG virus program over the last few days.

I would be VERY grateful if someone could assist me.

HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 09:30:29, on 29/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
E:\Program Files\Netropa\Onscreen Display\OSD.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\msiexec.exe
E:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195606421
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://E:\Program Files\OpenCube\Visual Infinite Menus\comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67CD023-18D2-48C5-8D7E-6E0A9A7EDE5F}: NameServer = 212.74.112.67,212.74.112.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

Would you believe it! The moment I opened HijackThis, the WinAntiVirus pop ups appear! Crazy.

Please let me know if any other information is required and I will be happy to assist.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
What other forums have you posted in?

Please post links so I can see what has already been done, so we don't duplicate it, and inform them that you have moved here.

then

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

then

  • Download WinPFind
  • Right-click the Zip folder and select "Extract All"
  • Extract it somewhere you will remember, like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Configure Scan Options"
  • Select "Run Add ONs" and then select ALL the options in the box below it; press Apply
  • Now click "Start Scan"
  • It will scan the entire system, so please be patient!
  • Once the scan is complete:
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post. It will be too big to post, so you will need to attach it to your reply
 

ianeb

Thread Starter
Hi, thanks for the reply.

http://www.bullguard.com/forum/8/Project1--winantivirus-pop-ups_33294.html

That is the link for the instructions I followed; I haven't had any other help, although I have looked through many forums but had no luck.....

I have done what you asked, and here is the report from ComboFix:

Start Time= 29/07/2006 15:52:44.00
Running from: E:\Program Files\Mozilla Firefox

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-28 22:23:14 ( .D... ) "E:\Program Files\OpenCube"
2006-07-28 21:23:56 ( .D... ) "E:\Program Files\The Logo Creator v5"
2006-07-28 19:23:00 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\SUPERAntiSpyware.com"
2006-07-28 18:39:00 ( .D... ) "E:\Program Files\Netropa"
2006-07-22 21:19:54 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Alien Skin"
2006-07-22 15:24:22 ( .D... ) "E:\Program Files\TuneSleeve"
2006-07-22 13:27:54 ( .D... ) "E:\Program Files\Macromedia"
2006-07-22 13:27:54 ( .D... ) "E:\Program Files\Common Files\Macromedia"
2006-07-14 19:50:36 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Nvu"
2006-07-07 20:20:18 ( .D... ) "E:\Program Files\K-litePro"
2006-07-05 20:26:56 ( .D... ) "E:\Program Files\Spybot - Search & Destroy"
2006-07-05 20:12:32 ( .D... ) "E:\Program Files\Trojan Remover"
2006-07-05 19:36:54 ( .D... ) "E:\Program Files\Sports Interactive"
2006-07-03 19:06:36 569396 ( ..SH. ) "E:\WINDOWS\system32\sstqq.dll"
2006-07-01 23:58:54 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Kazaa Lite"
2006-07-01 23:22:48 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\.ABC"
2006-07-01 22:27:36 39437 ( ..SH. ) "E:\WINDOWS\system32\efcyxya.dll"
2006-07-01 14:30:14 ( .D... ) "E:\Program Files\QuickTime"
2006-07-01 14:29:38 ( .D... ) "E:\Program Files\iTunes"
2006-07-01 14:29:38 ( .D... ) "E:\Program Files\iPod"
2006-06-25 20:05:54 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Yahoo!"
2006-06-25 20:04:30 ( .D... ) "E:\Program Files\Yahoo!"
2006-06-19 20:53:04 ( .D... ) "E:\Program Files\MSN Messenger"
2006-06-12 20:10:20 ( .D... ) "E:\Program Files\Common Files\xing shared"
2006-06-12 20:10:14 176167 ( A.... ) "E:\WINDOWS\system32\rmoc3260.dll"
2006-06-12 20:10:08 6656 ( A.... ) "E:\WINDOWS\system32\pndx5016.dll"
2006-06-12 20:10:08 5632 ( A.... ) "E:\WINDOWS\system32\pndx5032.dll"
2006-06-12 20:10:06 278528 ( A.... ) "E:\WINDOWS\system32\pncrt.dll"
2006-06-12 20:10:04 ( .D... ) "E:\Program Files\Common Files\Real"
2006-06-12 20:10:02 ( .D... ) "E:\Program Files\Real"
2006-06-12 20:09:34 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Real"
2006-06-09 21:40:44 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Lavasoft"
2006-05-29 13:27:04 ( .D... ) "E:\Documents and Settings\Ian Bleach\Application Data\Adobe"
2006-05-29 13:25:32 ( .D... ) "E:\Program Files\Common Files\Adobe"
2006-05-29 13:25:32 ( .D... ) "E:\Program Files\Adobe"
2006-05-29 13:24:08 109568 ( ..... ) "E:\WINDOWS\system32\pxinsi64.exe"
2006-05-29 13:24:08 108544 ( ..... ) "E:\WINDOWS\system32\pxcpyi64.exe"
2006-05-29 13:15:12 ( .D... ) "E:\Program Files\BitLord"
2006-05-23 17:25:52 402736 ( A.... ) "E:\WINDOWS\system32\WgaLogon.dll"
2006-05-21 20:52:18 354 ( A.... ) "E:\Documents and Settings\Ian Bleach\Application Data\AutoGK.ini"
2006-05-21 12:09:06 43668 ( A.... ) "E:\WINDOWS\system32\xvid-uninstall.exe"
2006-05-19 21:34:44 131072 ( A.... ) "E:\WINDOWS\system32\SpoonUninstall.exe"
2006-05-19 13:59:42 148480 ( A.... ) "E:\WINDOWS\system32\dnsapi.dll"
2006-05-19 13:59:42 111616 ( A.... ) "E:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 13:59:42 94720 ( A.... ) "E:\WINDOWS\system32\iphlpapi.dll"
2006-05-13 19:06:04 107132 ( A.... ) "E:\WINDOWS\UninstallFirefox.exe"
2006-05-10 18:27:00 499712 ( A.... ) "E:\WINDOWS\system32\msvcp71.dll"
2006-05-10 18:27:00 348160 ( A.... ) "E:\WINDOWS\system32\msvcr71.dll"
2006-05-10 06:45:06 62 ( A.SH. ) "E:\Documents and Settings\Ian Bleach\Application Data\desktop.ini"
2006-05-09 22:36:46 6656 ( A.... ) "E:\WINDOWS\system32\WdfMgr.exe"
2006-05-09 22:36:46 6656 ( A.... ) "E:\WINDOWS\system32\uWDF.exe"
2006-05-09 22:26:34 1280000 ( A.... ) "E:\WINDOWS\system32\WMSPDMOE.dll"
2006-05-09 22:26:34 1063424 ( A.... ) "E:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 992256 ( A.... ) "E:\WINDOWS\system32\WMNetMgr.dll"
2006-05-09 22:26:34 705024 ( A.... ) "E:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 564736 ( A.... ) "E:\WINDOWS\system32\WMSPDMOD.dll"
2006-05-09 22:26:34 417280 ( A.... ) "E:\WINDOWS\system32\wmdrmdev.dll"
2006-05-09 22:26:34 337408 ( A.... ) "E:\WINDOWS\system32\wmdrmnet.dll"
2006-05-09 22:26:34 306688 ( A.... ) "E:\WINDOWS\system32\mswmdm.dll"
2006-05-09 22:26:34 221696 ( A.... ) "E:\WINDOWS\system32\wmasf.dll"
2006-05-09 22:26:34 219648 ( A.... ) "E:\WINDOWS\system32\CEWMDM.dll"
2006-05-09 22:26:34 212480 ( A.... ) "E:\WINDOWS\system32\msnetobj.dll"
2006-05-09 22:26:34 201728 ( A.... ) "E:\WINDOWS\system32\qasf.dll"
2006-05-09 22:26:34 165376 ( A.... ) "E:\WINDOWS\system32\mspmsp.dll"
2006-05-09 22:26:34 155136 ( A.... ) "E:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 36864 ( A.... ) "E:\WINDOWS\system32\wmdmps.dll"
2006-05-09 22:26:34 31744 ( A.... ) "E:\WINDOWS\system32\wmdmlog.dll"
2006-05-09 22:26:34 26112 ( A.... ) "E:\WINDOWS\system32\MsPMSNSv.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmvdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmvdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmsdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\MPG4DMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\MP4SDMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "E:\WINDOWS\system32\MP43DMOD.dll"
2006-05-09 22:26:32 9728 ( A.... ) "E:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 22:22:32 2463744 ( A.... ) "E:\WINDOWS\system32\wmvcore.dll"
2006-05-09 21:02:02 84480 ( A.... ) "E:\WINDOWS\system32\logagent.exe"
2006-05-09 21:01:06 1463808 ( ..... ) "E:\WINDOWS\system32\WMVDECOD.dll"
2006-05-09 21:01:06 1359360 ( ..... ) "E:\WINDOWS\system32\WMVSDECD.dll"
2006-05-09 21:00:58 1455616 ( ..... ) "E:\WINDOWS\system32\WMVENCOD.dll"
2006-05-09 21:00:58 770560 ( ..... ) "E:\WINDOWS\system32\WMVSENCD.dll"
2006-05-09 21:00:58 299520 ( ..... ) "E:\WINDOWS\system32\MP4SDECD.dll"
2006-05-09 21:00:58 241152 ( ..... ) "E:\WINDOWS\system32\MPG4DECD.dll"
2006-05-09 21:00:56 636928 ( ..... ) "E:\WINDOWS\system32\WMVXENCD.dll"
2006-05-09 21:00:56 241152 ( ..... ) "E:\WINDOWS\system32\MP43DECD.dll"
2006-05-09 21:00:08 382976 ( ..... ) "E:\WINDOWS\system32\MFPLAT.dll"
2006-05-09 21:00:02 1350656 ( A.... ) "E:\WINDOWS\system32\drmv2clt.dll"
2006-05-09 20:59:34 513536 ( ..... ) "E:\WINDOWS\system32\wmdrmsdk.dll"
2006-05-09 20:59:20 417280 ( A.... ) "E:\WINDOWS\system32\MSSCP.dll"
2006-05-09 20:59:18 229376 ( ..... ) "E:\WINDOWS\system32\drmupgds.exe"
2006-05-09 20:59:14 585216 ( A.... ) "E:\WINDOWS\system32\blackbox.dll"
2006-05-09 20:58:50 670208 ( A.... ) "E:\WINDOWS\system32\wpd_ci.dll"
2006-05-09 20:58:50 103424 ( ..... ) "E:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
2006-05-09 20:58:48 345600 ( ..... ) "E:\WINDOWS\system32\PortableDeviceApi.dll"
2006-05-09 20:58:48 188928 ( ..... ) "E:\WINDOWS\system32\PortableDeviceWMDRM.dll"
2006-05-09 20:58:48 101376 ( ..... ) "E:\WINDOWS\system32\PortableDeviceClassExtension.dll"
2006-05-09 20:58:46 343552 ( A.... ) "E:\WINDOWS\system32\WPDSp.dll"
2006-05-09 20:58:40 144896 ( A.... ) "E:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:40 55808 ( A.... ) "E:\WINDOWS\system32\wpdmtpus.dll"
2006-05-09 20:58:40 35840 ( A.... ) "E:\WINDOWS\system32\wpdconns.dll"
2006-05-09 20:58:38 168960 ( ..... ) "E:\WINDOWS\system32\PortableDeviceTypes.dll"
2006-05-09 20:58:38 13312 ( A.... ) "E:\WINDOWS\system32\wpdtrace.dll"
2006-05-09 20:57:06 11264 ( ..... ) "E:\WINDOWS\system32\ehETW.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-28 21:24 90,112 E:\WINDOWS\unvise32.exe
2006-07-28 19:21 1,073,008,640 E:\hiberfil.sys
2006-07-28 18:38 98,304 E:\WINDOWS\system32\msikbd.dll
2006-07-28 18:38 28,672 E:\WINDOWS\system32\msiosd32.dll
2006-07-05 20:12 75,264 E:\WINDOWS\system32\unacev2.dll
2006-07-05 20:12 3,440 E:\WINDOWS\undo.reg
2006-07-05 20:12 153,088 E:\WINDOWS\system32\UNRAR3.dll
2006-07-03 19:06 569,396 E:\WINDOWS\system32\sstqq.dll
2006-07-01 22:44 78,488 E:\WINDOWS\system32\XMD5.dll
2006-07-01 22:44 101,888 E:\WINDOWS\system32\vb6stkit.dll
2006-07-01 22:27 39,437 E:\WINDOWS\system32\efcyxya.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"Windows Defender"="\"E:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
@=""
"Norton Ghost 9.0"="E:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"TrojanScanner"="E:\\Program Files\\Trojan Remover\\Trjscan.exe"
"TkBellExe"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MULTIMEDIA KEYBOARD"="E:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Ian Bleach^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
"path"="E:\\Documents and Settings\\Ian Bleach\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
"backup"="E:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="E:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALi5289"
"hkey"="HKLM"
"command"="E:\\Program Files\\ULI5289\\ALi5289.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I0F2"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LocationFinder"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MtdAcq"
"hkey"="HKCU"
"command"="E:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareBot"
"hkey"="HKLM"
"command"="E:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tunebite"
"hkey"="HKCU"
"command"="E:\\Program Files\\tunebite\\tunebite.exe -hidden"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
E:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 29/07/2006 15:53:01.70
ComboFix ver 06.07.15/28 - This logfile is located at E:\ComboFix.txt

I have also attached the other log you requested (I hope).

Hope I haven't missed anything. Thanks for the reply; I look forward to hearing from you soon.

Regards
Ian
 


dvk01

Derek
Retired Moderator Retired Malware Specialist
Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once the scan is complete, right-click inside the listbox (white box) and click Add More Files.
  • Copy and paste the 2 entries below into the top 2 boxes:
    E:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\qqtss.*
  • Click Add Files and click Close Window.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
 

ianeb

Thread Starter
Hi,

Thanks for getting back.

I have a problem. I have downloaded VundoFix and I can run the program fine until I tick Run VundoFix as a task; then it closes, telling me it will restart in a minute or less..... Well, it doesn't restart?

I tried rebooting and waiting several minutes, but still nothing.

Am I doing something wrong?

Ian
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
That does occasionally happen.

Try moving VundoFix to c:\ rather than the desktop and see if it works then.

If not, we have an alternative way of dealing with it.
 

ianeb

Thread Starter
OK, moving it worked, but it didn't go very smoothly. I did as you explained, but the second file beginning C:\ did not add to the list; the one beginning E: did. My main hard drive where Windows is installed is E:, so I tried changing the C: to E:, but that wouldn't add either.

So I started it with just the one line added; an error came up, Error 76, something about an invalid path, and that VundoFix will attempt to remove the file on reboot. I have rebooted and here are the latest files:

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 19:58:17, on 29/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
E:\Program Files\Netropa\Onscreen Display\OSD.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Norton Ghost 9.0] E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195606421
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://E:\Program Files\OpenCube\Visual Infinite Menus\comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67CD023-18D2-48C5-8D7E-6E0A9A7EDE5F}: NameServer = 212.74.112.67,212.74.112.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

VundoFix:
Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete E:\WINDOWS\system32\sstqq.dll
E:\WINDOWS\system32\sstqq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Hope this helps.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Sorry, that was my mistake in my copying.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
E:\WINDOWS\system32\sstqq.dll
E:\WINDOWS\system32\efcyxya.dll
E:\WINDOWS\system32\msikbd.dll
E:\WINDOWS\system32\msiosd32.dll
E:\WINDOWS\system32\qqtss.bak1
E:\WINDOWS\system32\qqtss.bak2
E:\WINDOWS\system32\qqtss.ini
E:\WINDOWS\system32\qqtss.ini2
E:\WINDOWS\system32\qqtss.tmp
E:\WINDOWS\system32\winrkq32.dll
E:\WINDOWS\SwSys1.bmp

Folders to Delete:
E:\Program Files\SpywareBot

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

When it reboots:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
 

ianeb

Thread Starter
Joined
Jul 29, 2006
Messages
8
OK, here are the latest logs for you.

smitfraud:

SmitFraudFix v2.76

Scan done at 21:15:08.98, 29/07/2006
Run from E:\Documents and Settings\Ian Bleach\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

E:\WINDOWS\system32\ld???.tmp FOUND !
E:\WINDOWS\system32\ld????.tmp FOUND !
E:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Ian Bleach\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\IANBLE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oyblxqrl

*******************

Script file located at: \??\E:\WINDOWS\system32\wdnqcsmi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:

File E:\WINDOWS\system32\sstqq.dll deleted successfully.
File E:\WINDOWS\system32\efcyxya.dll deleted successfully.
File E:\WINDOWS\system32\msikbd.dll deleted successfully.
File E:\WINDOWS\system32\msiosd32.dll deleted successfully.
File E:\WINDOWS\system32\qqtss.bak1 deleted successfully.
File E:\WINDOWS\system32\qqtss.bak2 deleted successfully.
File E:\WINDOWS\system32\qqtss.ini deleted successfully.
File E:\WINDOWS\system32\qqtss.ini2 deleted successfully.
File E:\WINDOWS\system32\qqtss.tmp deleted successfully.


File E:\WINDOWS\system32\winrkq32.dll not found!
Deletion of file E:\WINDOWS\system32\winrkq32.dll failed!

Could not process line:
E:\WINDOWS\system32\winrkq32.dll
Status: 0xc0000034

File E:\WINDOWS\SwSys1.bmp deleted successfully.


Folder E:\Program Files\SpywareBot not found!
Deletion of folder E:\Program Files\SpywareBot failed!

Could not process line:
E:\Program Files\SpywareBot
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Hope we're getting somewhere! Thanks for all your time, I really appreciate it.

Ian
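The Avenger instructions above say the results land in C:\avenger.txt, and the log just posted shows the two line shapes that matter: "deleted successfully" and "Deletion of ... failed!" followed by an NTSTATUS. The following triage script is an added example, not part of this thread or of The Avenger itself; it parses that format, separates items that were simply already gone (0xC0000034, STATUS_OBJECT_NAME_NOT_FOUND, the only status in the posted log) from failures that still need a look, and records the random service name Avenger registered for its reboot pass. The sample log is constructed to mirror the posted one, and the STATUS_ACCESS_DENIED entry in it is invented for illustration.

```python
# Added example: triage a log in the format The Avenger writes to C:\avenger.txt.
# Not part of the thread or of The Avenger itself. The sample log is constructed
# to mirror the thread's; the STATUS_ACCESS_DENIED entry is invented for illustration.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Documented NTSTATUS values. 0xC0000034 appears in the thread's log;
# 0xC0000022 is used only by the constructed sample below.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}


@dataclass
class Failure:
    kind: str                     # "file" or "folder"
    path: str
    status: Optional[int] = None  # NTSTATUS from the following "Status:" line

    @property
    def already_absent(self) -> bool:
        # Object-not-found means nothing was left to delete: the item was most
        # likely removed by an earlier tool, not that it resisted deletion.
        return self.status == 0xC0000034


@dataclass
class AvengerReport:
    service_name: str = ""  # random-named service Avenger registers for its reboot pass
    deleted: List[Tuple[str, str]] = field(default_factory=list)  # (kind, path)
    failures: List[Failure] = field(default_factory=list)

    def needs_attention(self) -> List[Tuple[str, str]]:
        """Failures that are not simply 'already gone', paired with the NTSTATUS name."""
        out = []
        for f in self.failures:
            if f.already_absent:
                continue
            name = "UNKNOWN" if f.status is None else NTSTATUS_NAMES.get(f.status, f"0x{f.status:08X}")
            out.append((f.path, name))
        return out


_SERVICE = re.compile(r"^\\Registry\\Machine\\System\\CurrentControlSet\\Services\\(\S+)$")
_DELETED = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")
_FAILED = re.compile(r"^Deletion of (file|folder) (.+) failed!$")
_STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")


def parse_avenger_log(text: str) -> AvengerReport:
    """Walk the log line by line; a 'Status:' line belongs to the last failed deletion."""
    report = AvengerReport()
    pending: Optional[Failure] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SERVICE.match(line)
        if m:
            report.service_name = m.group(1)
            continue
        m = _DELETED.match(line)
        if m:
            report.deleted.append((m.group(1).lower(), m.group(2)))
            continue
        m = _FAILED.match(line)
        if m:
            pending = Failure(kind=m.group(1), path=m.group(2))
            report.failures.append(pending)
            continue
        m = _STATUS.match(line)
        if m and pending is not None:
            pending.status = int(m.group(1), 16)
            pending = None
    return report


# Constructed sample in the thread's log format (one invented access-denied case).
SAMPLE_LOG = r"""Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oyblxqrl
Beginning to process script file:
File E:\WINDOWS\system32\sstqq.dll deleted successfully.
File E:\WINDOWS\system32\efcyxya.dll deleted successfully.
File E:\WINDOWS\system32\winrkq32.dll not found!
Deletion of file E:\WINDOWS\system32\winrkq32.dll failed!
Could not process line:
E:\WINDOWS\system32\winrkq32.dll
Status: 0xc0000034
Deletion of file E:\WINDOWS\system32\EXAMPLE_locked.dll failed!
Could not process line:
E:\WINDOWS\system32\EXAMPLE_locked.dll
Status: 0xc0000022
Folder E:\Program Files\SpywareBot not found!
Deletion of folder E:\Program Files\SpywareBot failed!
Could not process line:
E:\Program Files\SpywareBot
Status: 0xc0000034
Completed script processing.
"""

if __name__ == "__main__":
    r = parse_avenger_log(SAMPLE_LOG)
    print(f"service={r.service_name} deleted={len(r.deleted)} attention={r.needs_attention()}")
```

Run against the posted log, needs_attention() comes back empty, which is the reading the helper gave: everything that was still present got deleted and the rest had already gone.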
 

ianeb

Thread Starter
Joined
Jul 29, 2006
Messages
8
Just to let you know, I have installed Kerio personal firewall. I hope this isn't a problem?

Thanks

Ian
 

ianeb

Thread Starter
Joined
Jul 29, 2006
Messages
8
Hey DVK01....

Can you let me know if my system is clean now?

Ian
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Sorry, I didn't get notification of the replies.


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

then

* Download the Trial/Demo version of Ewido Anti Spyware. When the trial period expires it becomes freeware with reduced functions but still worth keeping, or you have the option of buying a licence for the full version.


EWIDO DOWNLOAD

* Install ewido.
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the top of the main screen click update
* Click on Start and let it update.
* now boot to safe mode by following advice here http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
* Now run Ewido:
* Click on scanner, then click on the settings tab, select all options allowed & set the "how to act" to recommended actions, and set recommended actions to quarantine, then set automatically generate reports after every scan & only if threats were found.
* Now press the scan tab. Click the Complete System Scan button to start the scan.
* When the scan is done you will see a list of infected objects (if any found). At the bottom of the list, please click on "recommended action" and choose to Set all Elements to quarantine and check the box "Perform action with all infections".
If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Post back with the ewido scan log
 

ianeb

Thread Starter
Joined
Jul 29, 2006
Messages
8
Hi, sorry it took so long, having mega probs with my PC, but we won't go into that now!!

Have run both programs you asked for, and here are the logs.

SMITFRAUD.... I ran this twice, thinking the first time I didn't do it correctly, so that's why it shows it hasn't deleted anything, but the first one did...

SmitFraudFix v2.76

Scan done at 19:15:34.46, 01/08/2006
Run from E:\Documents and Settings\Ian Bleach\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Ewido Scan results

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:37:11 01/08/2006

+ Scan result:



E:\avenger\backup.zip/avenger/efcyxya.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
:mozilla.238:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.239:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.213:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.222:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.227:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.229:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.590:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.631:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.663:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.718:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.883:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.884:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.429:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.871:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.872:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.873:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.874:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.174:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.148:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.149:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.150:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.249:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.250:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.490:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.801:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.345:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.843:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.55:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.147:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.520:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.68:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.529:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.170:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.172:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.173:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.175:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.176:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.15:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.265:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.267:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.830:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.831:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.374:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.303:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.304:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.305:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.306:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.315:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.316:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.317:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.343:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.556:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.580:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned.
:mozilla.360:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.361:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.362:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.896:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.897:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.898:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.899:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.900:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.901:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.902:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.903:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.904:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.905:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.906:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.79:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.909:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.910:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.911:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.320:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.321:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.408:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.409:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.410:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.411:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.643:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.644:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.645:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.646:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.647:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.666:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.390:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.391:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.392:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.393:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.394:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.859:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.926:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.927:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.928:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.929:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.930:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.694:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.111:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.120:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.121:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.124:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.56:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.334:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.335:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.336:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.248:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.257:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.258:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.412:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.635:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.636:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.739:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.276:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.277:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.278:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.760:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.761:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.759:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.273:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
E:\Documents and Settings\Ian Bleach\Cookies\ian [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.785:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.799:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.800:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.792:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.793:E:\Documents and Settings\Ian Bleach\Application Data\Mozilla\Firefox\Profiles\y9np65l8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Hope we are there!! Hats off to you for knowing all this stuff... I guess I should learn, seeing as I want to work in security!

Thanks
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It should be OK now.

Turn off System Restore by following the instructions here
http://www.thespykiller.co.uk/forum/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there. Then reboot, re-enable System Restore & create a new restore point.

Go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

And pay an urgent visit to Windows Update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place.

Go to www.java.com & download the latest version of Java, 1.5.0.7.

Install it & then go to Add/Remove Programs and UNINSTALL ALL previous versions of Sun Java.
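The three clean-up steps in the reply above (purge the restore points and create a fresh one, check for missing Windows updates, and remove every Java runtime except the newest) as one script. This is an added example, not code from the thread or from Tech Support Guy. It assumes Windows PowerShell 3.0 to 5.1 on a Windows client, run from an elevated prompt; the Java DisplayName patterns, the `-Remove` switch and the function names are my own choices, and nothing is uninstalled or purged unless `-Remove` is given.

```powershell
# Added example: scripted version of the post-cleanup steps from the reply above.
# Requires Windows PowerShell 3.0-5.1 (the *-ComputerRestore cmdlets are not in
# PowerShell 7) and an elevated prompt. Without -Remove it only reports.
param(
    [switch]$Remove
)

# System Restore is configured per drive; assume the system drive holds the restore data.
$drive = $env:SystemDrive + '\'

# Step 1: disabling System Restore on a drive deletes all of that drive's restore
# points (that is what "turn off System Restore" achieves); re-enabling it and
# taking a checkpoint leaves one known-clean point. Note: on Windows 8 and later
# Checkpoint-Computer creates at most one point per 24 hours by default.
function Reset-RestorePoints {
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host ("Restore points before purge: {0}" -f $before.Count)
    Disable-ComputerRestore -Drive $drive
    Enable-ComputerRestore  -Drive $drive
    Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS
    $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host ("Restore points after purge: {0}" -f $after.Count)
}

# Step 2: list updates not yet installed, via the Windows Update Agent COM API.
# Needs a reachable update source (Microsoft Update or WSUS); otherwise Search throws.
function Get-MissingUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        New-Object PSObject -Property @{
            Title = $u.Title
            KB    = ($u.KBArticleIDs -join ',')
        }
    }
}

# Step 3: every Java runtime registered under the Uninstall keys. The name patterns
# are assumptions covering the Sun-era names ("J2SE Runtime Environment 5.0 Update 7",
# "Java(TM) 6 Update 45") and the later "Java 8 Update N" / "Java SE ..." names.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
function Get-InstalledJava {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(J2SE Runtime Environment|Java\(TM\)|Java \d+ Update|Java SE)' } |
        ForEach-Object {
            $v = $null
            [void][version]::TryParse([string]$_.DisplayVersion, [ref]$v)
            New-Object PSObject -Property @{
                Name        = $_.DisplayName
                Version     = $v                   # $null if DisplayVersion is not a.b.c.d
                ProductCode = $_.PSChildName       # MSI product code GUID when MSI-installed
                Uninstall   = $_.UninstallString
            }
        } | Sort-Object Version -Descending
}

# Keep the newest version (both 32- and 64-bit copies of it); everything else is a
# superseded, still-exploitable runtime and gets removed with msiexec /x.
function Remove-OldJava {
    $java = @(Get-InstalledJava)
    if ($java.Count -eq 0) { Write-Host 'No Java runtime found in the Uninstall keys.'; return }
    $newest = $java[0].Version
    Write-Host ("Keeping newest version: {0}" -f $newest)
    foreach ($old in ($java | Where-Object { $_.Version -ne $newest })) {
        if ($old.ProductCode -match '^\{[0-9A-F-]{36}\}$') {
            Write-Host ("Old runtime: {0} ({1}) -> msiexec /x {2}" -f $old.Name, $old.Version, $old.ProductCode)
            if ($Remove) {
                Start-Process -FilePath msiexec.exe -ArgumentList "/x $($old.ProductCode) /qn /norestart" -Wait
            }
        } else {
            Write-Host ("Old runtime without an MSI product code; remove it with: {0}" -f $old.Uninstall)
        }
    }
}

if ($Remove) {
    Reset-RestorePoints
} else {
    $n = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    Write-Host ("{0} restore point(s) present; rerun with -Remove to purge and recreate them." -f $n)
}
Get-MissingUpdates | Format-Table Title, KB -AutoSize
Remove-OldJava
```

Run it once without `-Remove` to see what would be purged and which runtimes would go, then again with `-Remove`. Reboot afterwards, as the reply says, before trusting the new restore point: a runtime that is still loaded in a browser process can block its own uninstall.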
 