1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Trojan SPM/LX help needed

Discussion in 'Virus & Other Malware Removal' started by iskander, Jul 19, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. iskander

    iskander Thread Starter

    Joined:
    Jul 19, 2006
    Messages:
    4
    Logfile of HijackThis v1.99.1
    Scan saved at 18:35:29, on 19/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Homepage - {A51F735E-DB4B-4BF4-B20E-2A5E5DA04467} - http://bt.yahoo.com (file missing) (HKCU)
    O9 - Extra button: BT - {D20FB976-64AB-4CDF-BAEB-DC62E3D21573} - http://www.bt.com (file missing) (HKCU)
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133192314218
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol024.cab
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Hi there,
    Above is a Hijack this logfile taken after I have been infected with the SPM/LX Trojan virus.
    I saw a previous mention of this on your forum but thought it best to give my own details in case I need to take different actions (this is my 1st post so I am unsure).
    Can you guide me in removing this virus?
    Many thanks
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  3. iskander

    iskander Thread Starter

    Joined:
    Jul 19, 2006
    Messages:
    4
    SmitFraudFix v2.74

    Scan done at 19:06:47.37, 19/07/2006
    Run from C:\Documents and Settings\Alex\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\mzoeut.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\atmclk.exe Deleted
    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\hp???.tmp Deleted
    C:\WINDOWS\system32\ld???.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\Alex\FAVORI~1\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of HijackThis v1.99.1
    Scan saved at 19:14:18, on 19/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Homepage - {A51F735E-DB4B-4BF4-B20E-2A5E5DA04467} - http://bt.yahoo.com (file missing) (HKCU)
    O9 - Extra button: BT - {D20FB976-64AB-4CDF-BAEB-DC62E3D21573} - http://www.bt.com (file missing) (HKCU)
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133192314218
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol024.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Let's do one more thing just to make sure all is clean

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  5. iskander

    iskander Thread Starter

    Joined:
    Jul 19, 2006
    Messages:
    4
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:09:43 19/07/2006

    + Scan result:



    C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned.
    C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned.
    C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll -> Dialer.BT.f : Cleaned.
    C:\WINDOWS\Downloaded Program Files\btmailcontrol.dll -> Dialer.BT.g : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Calum\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Heather\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Calum\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Calum\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Heather\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Heather\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Heather\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Alex\Cookies\a[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Calum\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Heather\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Calum\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Trafic : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Fiona\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Alex\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 21:15:17, on 19/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Homepage - {A51F735E-DB4B-4BF4-B20E-2A5E5DA04467} - http://bt.yahoo.com (file missing) (HKCU)
    O9 - Extra button: BT - {D20FB976-64AB-4CDF-BAEB-DC62E3D21573} - http://www.bt.com (file missing) (HKCU)
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133192314218
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol024.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    OK...how am I looking now?
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    =====================

    Clean [​IMG] - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

    Restore points
    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  7. iskander

    iskander Thread Starter

    Joined:
    Jul 19, 2006
    Messages:
    4
    Thanks for all your help..........I'm glad i've discovered this site and will recommend to friends.
    It never ceases to amaze me how supportive most PC users are and it is still incredible to think that here I am in Scotland with a PC problem and some kind pearson in another country is happy to spend time to help me with a problem.

    Thanks again.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Your welcome!!!!!!
     
  9. mygotta

    mygotta

    Joined:
    Aug 29, 2006
    Messages:
    1
    I had the same spyware, TrojanSPM/LX. Its an annoying little bugger. I think I got it following your directions, however, I have some uncertainty that maybe you can help me with. It does not show up in the system tray like it did previously telling me I had a virus and there are no other apparent threats telling me to click on something. But when I right click on the tray and search through the properties taskbar and click customize, they seem to still be there. Here are the photos:

    [​IMG]
    [​IMG]

    The items I am pointing at are Spyware 2.3 and the Virus Alert, which are in both windows. Does this mean they are still in my system? Active? If so, what do you reccomend the next step? Do you want to read the log from the ewido?

    Thanks,
    Anthony
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/484536

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice