Sos!


Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
Help! My computer is totally infected and I can't figure out what to do. My internet browser is hijacked and I get pop-ups. Here is my logfile. Please help!


Logfile of HijackThis v1.99.1
Scan saved at 12:43:21 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ishost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\WINDOWS\system32\833f962d.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Immcheck] immcheck.exe -1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [833f962d.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\833f962d.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7373156.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Feb 17, 2006
Messages
3,202
let's pre-clean the computer with these

spybot search and destroy...

http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html

then get ad-aware here...

http://www.download.com/3000-2144-10045910.html


then get CWShredder 2.19 .....here...

http://www.softpedia.com/progDownload/CWShredder-Download-8114.html

get these tools and update them...run them in safe mode...if you don't know how then go here for the lowdown...

http://reviews.cnet.com/5208-6121-0.html?forumID=45&threadID=22053&messageID=274875

after updating and starting in safe mode run the tools...have them delete anything they find....

you can also do free online scans here


http://www.webroot.com/consumer/downloads/?WRSID=cd9965ab626742570bc638b5528add3f

write down any names that spysweeper finds...

then this online scan

http://housecall.trendmicro.com/


these tools and online scans should be run before rerunning HJT and reposting the log
this will speedup the cleaning process for the log pros...
 

Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
Ok, I tried following the instructions but my computer is totally whacked out. It wouldn't open the HijackThis notepad so I can't even post it on here. And some of the programs don't open. And I am still getting "spyware removal setup" pop-up messages. Oh, and I can't even open Control Panel :(
 

Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
Alright, I tried it in safe mode and it worked. Thanks. Here is a new HJT log.



Logfile of HijackThis v1.99.1
Scan saved at 1:22:59 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\win5C.tmp.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Immcheck] immcheck.exe -1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [833f962d.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\833f962d.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7373156.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Sep 7, 2004
Messages
49,014
Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.

The computer will reboot automatically
=========================

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We’ll get them next step.
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
=============================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
Ok, the Smitfraudfix didn't work. I get an error saying process.exe can not be found. Here is the summary of Spysweeper.
Logfile of HijackThis v1.99.1
Scan saved at 7:16:05 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\833f962d.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [Immcheck] immcheck.exe -1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [833f962d.exe] "C:\Documents and Settings\Owner\Local Settings\Application Data\833f962d.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
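
Added example (not from any poster in this thread and not part of HijackThis): a small Python sketch that compares two HijackThis scans and sorts the item lines into removed, added, target-now-missing and still-present, which is the comparison a helper does by eye between the logs above. The function names and the matching heuristic are assumptions made for illustration; the sample lines are excerpted from the 7/17/2006 and 8/1/2006 logs in this thread.

```python
import re
from collections import namedtuple

# Item lines look like "O4 - HKLM\..\Run: [name] path"; the code before " - "
# is the HijackThis section. Headers and the process list do not match.
ITEM = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = "(file missing)"
Item = namedtuple("Item", "section raw missing")

def identity(section, body):
    """Stable key for an item, so a re-quoted or changed path is not a new item.
    Heuristic chosen for this example, not HijackThis's own logic."""
    m = CLSID.search(body)
    if m:  # BHO, toolbar, extra button, DPF, SSODL: entry kind plus CLSID
        kind = body.split(":", 1)[0]
        return (section + "|" + kind + "|" + m.group(0)).lower()
    if section == "O4" and "]" in body:  # Run key: hive plus value name
        return (section + "|" + body[: body.index("]") + 1]).lower()
    if section == "O20" and " - " in body:  # "Winlogon Notify: name - dll"
        return (section + "|" + body.split(" - ", 1)[0]).lower()
    return (section + "|" + body.replace('"', "")).lower()

def parse(log_text):
    """Map identity key -> Item for every item line in one scan."""
    items = {}
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        items[identity(section, body)] = Item(section, line.strip(), missing)
    return items

def compare(before_text, after_text):
    """Classify every item seen in either scan."""
    before, after = parse(before_text), parse(after_text)
    report = {"removed": [], "added": [], "target_missing": [], "still_present": []}
    for key in sorted(before.keys() | after.keys()):
        if key not in after:
            report["removed"].append(before[key].raw)
        elif key not in before:
            report["added"].append(after[key].raw)
        elif after[key].missing and not before[key].missing:
            # Registry entry survived but its file is gone: orphaned reference.
            report["target_missing"].append(after[key].raw)
        else:
            report["still_present"].append(after[key].raw)
    return report

# Excerpt of the 7/17/2006 scan posted above.
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\833f962d.exe
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7373156.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
"""

# Excerpt of the 8/1/2006 scan posted above.
SCAN_AFTER = r"""
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    for bucket, lines in compare(SCAN_BEFORE, SCAN_AFTER).items():
        print(bucket.upper())
        for raw in lines:
            print("   ", raw)
```

On these excerpts the `[833f962d.exe]` Run value lands in `still_present`, consistent with the 8/1 log above, which lists it both as an autorun and as a running process.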
 

Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
Here is the Spy Sweeper file. And I am still getting the spyware wizard setup popups.
7:13 PM: Removal process completed. Elapsed time 00:00:25
7:13 PM: Quarantining All Traces: system doctor 2006 fakealert
7:13 PM: Quarantining All Traces: cws_meup
7:13 PM: Quarantining All Traces: dialerplatform
7:13 PM: Quarantining All Traces: winantivirus pro
7:13 PM: Quarantining All Traces: lopdotcom
7:13 PM: Quarantining All Traces: security2k hijacker
7:13 PM: Removal process initiated
7:12 PM: Traces Found: 27
7:12 PM: Full Sweep has completed. Elapsed time 00:30:24
7:12 PM: File Sweep Complete, Elapsed Time: 00:27:03
7:10 PM: Warning: Failed to access drive F:
7:10 PM: Warning: Failed to access drive E:
7:07 PM: Warning: Failed to open file "c:\program files\updates from hp\137903\users\default\data\d0000000.fcs". The operation completed successfully
7:06 PM: C:\WINDOWS\g5389046.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g1260250.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g2463390.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g3665078.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g178468.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g6673093.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g1378890.dll (ID = 328045)
7:06 PM: C:\WINDOWS\g3647890.dll (ID = 328045)
7:04 PM: C:\Documents and Settings\Owner\Application Data\winantiviruspro2006freeinstall[1].exe (ID = 327825)
7:04 PM: Found Adware: winantivirus pro
7:04 PM: C:\WINDOWS\temp\win48.tmp.exe (ID = 319862)
7:04 PM: C:\WINDOWS\cpblpbc26.log (ID = 328045)
7:04 PM: C:\WINDOWS\system32\compstuic.dll (ID = 328045)
7:04 PM: C:\WINDOWS\temp\win5C.tmp.exe (ID = 319862)
6:55 PM: C:\WINDOWS\g1488937.dll (ID = 328045)
6:52 PM: C:\WINDOWS\g1498687.dll (ID = 328045)
6:50 PM: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FEBNN84T\srvgka[1].exe (ID = 319862)
6:50 PM: Found Adware: system doctor 2006 fakealert
6:49 PM: C:\WINDOWS\g177531.dll (ID = 328045)
6:48 PM: C:\WINDOWS\cpblpbc25.log (ID = 328045)
6:47 PM: C:\WINDOWS\g2446468.dll (ID = 328045)
6:47 PM: C:\WINDOWS\g1245828.dll (ID = 328045)
6:47 PM: C:\WINDOWS\g167921.dll (ID = 328045)
6:47 PM: Found Adware: cws_meup
6:46 PM: C:\!KillBox\joy audio\cdrom win.dll (ID = 466)
6:46 PM: Found Adware: lopdotcom
6:46 PM: c:\windows\downloaded program files\gdnus2339.exe (ID = 322697)
6:46 PM: Found Adware: dialerplatform
6:45 PM: Starting File Sweep
6:45 PM: Warning: Failed to access drive A:
6:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:45 PM: Starting Cookie Sweep
6:45 PM: Registry Sweep Complete, Elapsed Time:00:00:16
6:45 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
6:45 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
6:45 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || issearch.exe (ID = 1506013)
6:45 PM: Starting Registry Sweep
6:45 PM: Memory Sweep Complete, Elapsed Time: 00:02:49
6:42 PM: Starting Memory Sweep
6:42 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || issearch.exe (ID = 1512087)
6:42 PM: Found Adware: security2k hijacker
6:42 PM: Sweep initiated using definitions version 731
6:42 PM: Spy Sweeper 5.0.5.1286 started
6:42 PM: | Start of Session, Tuesday, August 01, 2006 |
********
6:42 PM: | End of Session, Tuesday, August 01, 2006 |
6:42 PM: Your spyware definitions have been updated.
6:41 PM: Deletion from quarantine completed. Elapsed time 00:00:14
6:41 PM: Processing: tacoda cookie
6:41 PM: Processing: tacoda cookie
6:41 PM: Processing: toplist cookie
6:41 PM: Processing: goclick cookie
6:41 PM: Processing: statcounter cookie
6:41 PM: Processing: seeq cookie
6:41 PM: Processing: bizrate cookie
6:41 PM: Processing: pesttrap cookie
6:41 PM: Processing: about cookie
6:41 PM: Processing: about cookie
6:41 PM: Processing: about cookie
6:41 PM: Processing: webtrends cookie
6:41 PM: Processing: yieldmanager cookie
6:41 PM: Processing: adknowledge cookie
6:41 PM: Processing: web-stat cookie
6:41 PM: Processing: belnk cookie
6:41 PM: Processing: belnk cookie
6:41 PM: Processing: burstbeacon cookie
6:41 PM: Processing: a cookie
6:41 PM: Processing: atwola cookie
6:41 PM: Processing: burstnet cookie
6:41 PM: Processing: burstnet cookie
6:41 PM: Processing: adultfriendfinder cookie
6:41 PM: Processing: whenu weathercast
6:41 PM: Processing: go.com cookie
6:41 PM: Processing: realmedia cookie
6:41 PM: Processing: xpehbam dialer
6:41 PM: Processing: xpehbam dialer
6:41 PM: Processing: webrebates
6:41 PM: Processing: webrebates
6:41 PM: Processing: virtualbouncer
6:41 PM: Processing: ezula ilookup
6:41 PM: Processing: ezula ilookup
6:41 PM: Processing: command
6:41 PM: Processing: ist powerscan
6:41 PM: Processing: findthewebsiteyouneed hijack
6:41 PM: Processing: findthewebsiteyouneed hijack
6:41 PM: Processing: netpal
6:41 PM: Processing: netpal
6:41 PM: Processing: netpal
6:41 PM: Processing: trojan agent winlogonhook
6:41 PM: Processing: surfsidekick
6:41 PM: Processing: surfsidekick
6:41 PM: Processing: squire webhelper
6:41 PM: Processing: quicklink search toolbar
6:41 PM: Processing: quicklink search toolbar
6:41 PM: Processing: delfin
6:41 PM: Processing: delfin
6:41 PM: Processing: adtomi
6:41 PM: Processing: adtomi
6:41 PM: Processing: dollarrevenue
6:41 PM: Processing: dollarrevenue
6:41 PM: Processing: zquest
6:41 PM: Processing: purityscan
6:41 PM: Processing: purityscan
6:41 PM: Processing: trojan-downloader-zlob
6:41 PM: Processing: lopdotcom
 

Saloo

6:41 PM: Processing: security2k hijacker
6:41 PM: Deletion from quarantine initiated
6:39 PM: Removal process completed. Elapsed time 00:00:58
6:38 PM: Quarantining All Traces: whenu weathercast
6:38 PM: Quarantining All Traces: seeq cookie
6:38 PM: Quarantining All Traces: pesttrap cookie
6:38 PM: Quarantining All Traces: burstbeacon cookie
6:38 PM: Quarantining All Traces: web-stat cookie
6:38 PM: Quarantining All Traces: toplist cookie
6:38 PM: Quarantining All Traces: statcounter cookie
6:38 PM: Quarantining All Traces: realmedia cookie
6:38 PM: Quarantining All Traces: webtrends cookie
6:38 PM: Quarantining All Traces: go.com cookie
6:38 PM: Quarantining All Traces: goclick cookie
6:38 PM: Quarantining All Traces: burstnet cookie
6:38 PM: Quarantining All Traces: bizrate cookie
6:38 PM: Quarantining All Traces: belnk cookie
6:38 PM: Quarantining All Traces: a cookie
6:38 PM: Quarantining All Traces: atwola cookie
6:38 PM: Quarantining All Traces: tacoda cookie
6:38 PM: Quarantining All Traces: adultfriendfinder cookie
6:38 PM: Quarantining All Traces: adknowledge cookie
6:38 PM: Quarantining All Traces: yieldmanager cookie
6:38 PM: Quarantining All Traces: about cookie
6:38 PM: Quarantining All Traces: netpal
6:38 PM: Quarantining All Traces: ezula ilookup
6:38 PM: Quarantining All Traces: ist powerscan
6:38 PM: Quarantining All Traces: webrebates
6:38 PM: Quarantining All Traces: virtualbouncer
6:38 PM: Quarantining All Traces: xpehbam dialer
6:38 PM: Quarantining All Traces: command
6:38 PM: Quarantining All Traces: findthewebsiteyouneed hijack
6:38 PM: Quarantining All Traces: zquest
6:38 PM: Quarantining All Traces: squire webhelper
6:38 PM: Quarantining All Traces: adtomi
6:38 PM: Quarantining All Traces: surfsidekick
6:38 PM: Quarantining All Traces: delfin
6:38 PM: Quarantining All Traces: trojan agent winlogonhook
6:38 PM: Quarantining All Traces: dollarrevenue
6:38 PM: Quarantining All Traces: quicklink search toolbar
6:38 PM: Quarantining All Traces: purityscan
6:38 PM: Quarantining All Traces: lopdotcom
6:38 PM: Quarantining All Traces: security2k hijacker
6:38 PM: Quarantining All Traces: trojan-downloader-zlob
6:38 PM: Removal process initiated
6:20 PM: Traces Found: 251
6:20 PM: Full Sweep has completed. Elapsed time 00:37:20
6:20 PM: File Sweep Complete, Elapsed Time: 00:34:13
6:15 PM: Warning: Failed to access drive F:
6:15 PM: Warning: Failed to access drive E:
6:12 PM: Found Adware: netpal
6:12 PM: C:\WINDOWS\dh.ini (ID = 238253)
6:12 PM: Found Adware: zquest
6:12 PM: C:\Program Files\Yahoo!\browser\Content\temp.mht (ID = 90855)
6:12 PM: C:\!KillBox\drsmartload.dat (ID = 198788)
6:12 PM: C:\!KillBox\VCClient\VCClient.exe.config (ID = 212358)
6:11 PM: Warning: Failed to open file "c:\program files\updates from hp\137903\users\default\data\d0000000.fcs". The operation completed successfully
6:11 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc324\about earn.lnk (ID = 111342)
6:11 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc324\earn website.url (ID = 60442)
6:11 PM: Found Adware: ezula ilookup
6:07 PM: C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr4523 (ID = 301199)
6:06 PM: C:\WINDOWS\system32\margo2a.exe (ID = 49359)
6:03 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc362\websearch.inf (ID = 83972)
5:57 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc414\power scan.lnk (ID = 72676)
5:57 PM: Found Adware: ist powerscan
5:57 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc227\purityscan.lnk (ID = 73235)
5:57 PM: Found Adware: purityscan
5:57 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc358\m.dat (ID = 76825)
5:57 PM: Found Adware: squire webhelper
5:56 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc361\webrebates.inf (ID = 83933)
5:56 PM: Found Adware: webrebates
5:56 PM: C:\WINDOWS\system32\regsvrac32.exe (ID = 49357)
5:56 PM: Found Adware: adtomi
5:55 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc161\weathercast.lnk (ID = 130071)
5:55 PM: Found Adware: whenu weathercast
5:53 PM: C:\!KillBox\remove_tools.html (ID = 57781)
5:52 PM: C:\!KillBox\Exit film\tpcywsnw.exe (ID = 67968)
5:52 PM: Found Adware: lopdotcom
5:49 PM: C:\!KillBox\VCClient\VCUpdate.exe.config (ID = 212361)
5:49 PM: Found Adware: surfsidekick
5:49 PM: C:\!KillBox\BundleOuter1211031201.EXE (ID = 82795)
5:49 PM: Found Adware: virtualbouncer
5:49 PM: C:\Program Files\Yahoo!\browser\Content\LaunchOffline.mht (ID = 90855)
5:49 PM: Found Adware: xpehbam dialer
5:46 PM: C:\WINDOWS\system32\pcs (1 subtraces) (ID = 2147486175)
5:46 PM: Found Adware: delfin
5:46 PM: Starting File Sweep
5:46 PM: Warning: Failed to access drive A:
5:46 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3332)
5:46 PM: Found Spy Cookie: seeq cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6462)
5:46 PM: Found Spy Cookie: pesttrap cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2337)
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2335)
5:46 PM: Found Spy Cookie: burstbeacon cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3648)
5:46 PM: Found Spy Cookie: web-stat cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3557)
5:46 PM: Found Spy Cookie: toplist cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6444)
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3447)
5:46 PM: Found Spy Cookie: statcounter cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3235)
5:46 PM: Found Spy Cookie: realmedia cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3669)
5:46 PM: Found Spy Cookie: webtrends cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2038)
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2728)
5:46 PM: Found Spy Cookie: go.com cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2038)
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2293)
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2733)
5:46 PM: Found Spy Cookie: goclick cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2336)
5:46 PM: Found Spy Cookie: burstnet cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2308)
5:46 PM: Found Spy Cookie: bizrate cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2292)
5:46 PM: Found Spy Cookie: belnk cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2027)
5:46 PM: Found Spy Cookie: a cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2255)
5:46 PM: Found Spy Cookie: atwola cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6445)
5:46 PM: Found Spy Cookie: tacoda cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2165)
5:46 PM: Found Spy Cookie: adultfriendfinder cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2072)
5:46 PM: Found Spy Cookie: adknowledge cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3751)
5:46 PM: Found Spy Cookie: yieldmanager cookie
5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2037)
5:46 PM: Found Spy Cookie: about cookie
5:46 PM: Starting Cookie Sweep
5:46 PM: Registry Sweep Complete, Elapsed Time:00:00:16
5:46 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
5:46 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
5:46 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (ID = 1016064)
5:46 PM: Found Adware: command
5:46 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
5:46 PM: Found Trojan Horse: trojan agent winlogonhook
5:46 PM: HKLM\software\microsoft\drsmartload\ (ID = 916795)
5:46 PM: Found Adware: dollarrevenue
 

Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
5:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (ID = 909558)
5:46 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
5:46 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
5:46 PM: Found Adware: security2k hijacker
5:46 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
5:46 PM: Found Adware: findthewebsiteyouneed hijack
5:46 PM: HKLM\software\ql\ (ID = 359458)
5:46 PM: Found Adware: quicklink search toolbar
5:45 PM: Starting Registry Sweep
5:45 PM: Memory Sweep Complete, Elapsed Time: 00:02:40
5:43 PM: Starting Memory Sweep
5:43 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
5:43 PM: Found Trojan Horse: trojan-downloader-zlob
5:43 PM: Sweep initiated using definitions version 691
5:41 PM: None
5:41 PM: Traces Found: 1
5:40 PM: Sweep Canceled
5:40 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
5:40 PM: Found Trojan Horse: trojan-downloader-zlob
5:40 PM: Sweep initiated using definitions version 6
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:40 PM: Shield States
5:40 PM: Spyware Definitions: 691
 
Joined
Sep 7, 2004
Messages
49,014
You did not extract all of the smitfraud files to a folder - redo the process and make sure you extract them to a folder and then execute from the folder

Also run spysweeper again as you were very infected

Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries

Empty the recycle bin
 

Saloo

Thread Starter
Joined
Sep 12, 2005
Messages
27
SmitFraudFix v2.79

Scan done at 12:09:58.78, Wed 08/02/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\drsmartloadb1.dat FOUND !
C:\WINDOWS\timessquare1.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://us.f2.yahoofs.com/users/417aa36dz13fe7f9c/784b/__sr_/aa07.jpg?phHmBZDBNsJp9Smk"
"SubscribedURL"="http://us.f2.yahoofs.com/users/417aa36dz13fe7f9c/784b/__sr_/aa07.jpg?phHmBZDBNsJp9Smk"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Joined
Sep 7, 2004
Messages
49,014
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
 