Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


winantispyware 2006


Post by tidyme » October 30th, 2006, 1:36 pm

I have been infected by winantispyware 2006. Can anyone help me get rid of it? I have Norton AntiVirus 2006 but it didn't detect it.
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm

Post by Blade81 » October 30th, 2006, 1:50 pm

Hi tidyme! Welcome to the forum. :)


Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on
    Edit > Select All
    then click on
    Edit > Copy
    to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Post by tidyme » October 30th, 2006, 1:53 pm

Logfile of HijackThis v1.99.1
Scan saved at 17:52:18, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxos.dll,startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/683c920 ... 723_35.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/insta ... lashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm

Post by Blade81 » October 30th, 2006, 3:17 pm

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Post by Blade81 » October 31st, 2006, 7:44 am

Rename your HijackThis.exe. You need to rename it so that we can make hiding malware visible.

This is the file you need to rename: C:\Program Files\Hijackthis\HijackThis.exe

To do this, follow these steps:
1. Navigate to the C:\Program Files\HijackThis folder.
2. Click (don't double-click!) on HijackThis.exe to make it highlighted.
3. Press F2 and you can give a new name to this file. Name it scanner.exe


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a RiskTool; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between good and malicious use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt & a fresh hjt log
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Post by tidyme » October 31st, 2006, 1:58 pm

I hope this is the file you wanted

SmitFraudFix v2.117

Scan done at 17:53:59.37, 31/10/2006
Run from
C:\Documents and Settings\Dave & Abbi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\drvxos.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !





»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVE


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm
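
Added example (not part of the thread, and not code from HijackThis or SmitfraudFix): a short Python script that cross-references the paths SmitfraudFix marked "FOUND !" with the HijackThis log posted earlier, showing where each flagged file appears as a running process or an autostart entry. The log excerpts are trimmed copies of the two logs above, and the function names are this example's own.

```python
import fnmatch
import re

# Trimmed excerpt of the HijackThis log posted in this thread.
HJT_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Spyware Doctor\sdhelp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxos.dll,startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
"""

# Trimmed excerpt of the SmitfraudFix rapport.txt posted in this thread
# (section separator lines omitted).
RAPPORT = r"""SmitFraudFix v2.117
Fix run in normal mode

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\drvxos.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !
"""

FOUND_RE = re.compile(r"^(.+?)\s+FOUND !\s*$", re.MULTILINE)
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter path ending in .exe or .dll; spaces are allowed inside it.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n,]+\\)*[^\\/:*?"<>|\r\n,]+?\.(?:exe|dll)\b',
    re.IGNORECASE,
)


def parse_rapport_found(text):
    """Return the paths (or ?-wildcard patterns) marked 'FOUND !'."""
    return [m.group(1).strip() for m in FOUND_RE.finditer(text)]


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, rest) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            # The process list ends at a blank line or at the first entry.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_procs = False
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def _matches(path, flagged):
    """Case-insensitive match of one path against the flagged patterns."""
    p = path.lower()
    for pat in flagged:
        # '?' in a rapport line is a single-character wildcard; '[' is literal.
        if fnmatch.fnmatchcase(p, pat.lower().replace("[", "[[]")):
            return pat
    return None


def correlate(hjt_text, rapport_text):
    """Return (hits, unreferenced).

    hits: (where, hjt_line, flagged_pattern) for every flagged file that
    HijackThis shows running or referenced by an entry.
    unreferenced: flagged patterns that the HijackThis log never mentions.
    """
    flagged = parse_rapport_found(rapport_text)
    processes, entries = parse_hjt(hjt_text)
    hits, seen = [], set()
    for proc in processes:
        pat = _matches(proc, flagged)
        if pat:
            hits.append(("running", proc, pat))
            seen.add(pat)
    for code, rest in entries:
        for path in PATH_RE.findall(rest):
            pat = _matches(path, flagged)
            if pat:
                hits.append((code, rest, pat))
                seen.add(pat)
    return hits, [p for p in flagged if p not in seen]


if __name__ == "__main__":
    hits, unreferenced = correlate(HJT_LOG, RAPPORT)
    for where, line, pat in hits:
        print(f"{where:8} {line}")
    for pat in unreferenced:
        print(f"no HJT reference: {pat}")
```

The three flx?.dll patterns come back as unreferenced: nothing in the HijackThis log points at them, so that log alone would not have revealed them.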

Post by Blade81 » October 31st, 2006, 2:29 pm

Ok. :) Did you rename Hijackthis.exe file to scanner.exe as I asked you to do in my previous post? If not, do it now before continuing forward.


Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode. Send AVG Anti-Spyware log, rapport.txt and a fresh hjt log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Post by tidyme » October 31st, 2006, 2:55 pm

It keeps on saying failed to connect to proxy host, but I'm connected to the internet. I don't understand.
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm

Post by Blade81 » October 31st, 2006, 3:12 pm

tidyme wrote: It keeps on saying failed to connect to proxy host, but I'm connected to the internet. I don't understand.

Where do you get that error? When trying to update AVG Anti-Spyware? If yes, have you tried manual update?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Post by tidyme » November 1st, 2006, 4:56 am

Hope this is what you wanted

SmitFraudFix v2.117

Scan done at 22:43:40.48, 31/10/2006
Run from
C:\Documents and Settings\Dave & Abbi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:14:23 01/11/2006

+ Scan result:



C:\WINDOWS\Temp\win17.tmp.exe -> Dialer.InstantAccess.k : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win50.tmp.exe -> Dialer.InstantAccess.k : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win8D.tmp -> Dialer.InstantAccess.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP110\A0019058.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0019917.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0019926.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0020926.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0021925.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0022958.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0022959.exe -> Downloader.Zlob.adq : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave & Abbi\Application Data\winantispyware2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\mst54A.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Ignored.
C:\System Volume Information\_restore{5FD5CDFA-92EA-45AE-883E-D9CF28F6D8CD}\RP111\A0022960.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Ignored.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Dave & Abbi\Application Data\Mozilla\Firefox\Profiles\s1pwan09.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@7search[1].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-bskyb.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-ladbrokes.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-liverpoolfctv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.7:C:\Documents and Settings\Dave & Abbi\Application Data\Mozilla\Firefox\Profiles\s1pwan09.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.8:C:\Documents and Settings\Dave & Abbi\Application Data\Mozilla\Firefox\Profiles\s1pwan09.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

I am just trying to do a HijackThis report. It keeps stopping at 023 at NT services.

Also, my laptop is now running painfully slow.
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm

Post by tidyme » November 1st, 2006, 4:57 am

Hope this is what you wanted

C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-bskyb.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-ladbrokes.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-liverpoolfctv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.7:C:\Documents and Settings\Dave & Abbi\Application Data\Mozilla\Firefox\Profiles\s1pwan09.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.8:C:\Documents and Settings\Dave & Abbi\Application Data\Mozilla\Firefox\Profiles\s1pwan09.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave & Abbi\Cookies\dave & abbi@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\Cookies\dave & abbi@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

I am just trying to do a Hijack This report. It keeps stopping at 023 at NT services.

Also, my laptop is now running painfully slow.
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm

Post by tidyme » November 1st, 2006, 4:58 am

Logfile of HijackThis v1.99.1
Scan saved at 08:55:54, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hijackthis\scanner.exe.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39CC4135-B43B-4C4E-81D2-F39B49929975} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxos.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/683c920 ... 723_35.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/insta ... lashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm
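As an added example (not part of the original thread, and not a HijackThis feature): a small Python triage pass over the entry lines of a HijackThis log like the one posted above. The three heuristics and all function names are assumptions chosen for illustration, and the sample lines are copied from that post; hits are leads for a human reviewer, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: seven entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39CC4135-B43B-4C4E-81D2-F39B49929975} - C:\WINDOWS\system32\pmkji.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxos.dll,startup
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# "R0", "O2", "O23" ... followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path ending in .dll/.exe; stops at a comma so that
# "drvxos.dll,startup" yields only the DLL path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:dll|exe)', re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per entry line: section code, body, lower-cased paths."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()
        paths = [p.lower() for p in PATH_RE.findall(body)]
        entries.append({"code": code, "body": body, "paths": paths})
    return entries


def triage(entries):
    """Apply three illustrative heuristics (assumptions of this example)."""
    findings = []
    # 1. The same file registered as a BHO (O2) and a Winlogon Notify (O20).
    sections_by_path = defaultdict(set)
    for e in entries:
        for p in e["paths"]:
            sections_by_path[p].add(e["code"])
    for path, codes in sorted(sections_by_path.items()):
        if {"O2", "O20"} <= codes:
            findings.append(("bho+winlogon-notify", path))
    for e in entries:
        # 2. A BHO that does not declare a name.
        if e["code"] == "O2" and "(no name)" in e["body"]:
            findings.append(("unnamed-bho", e["paths"][0] if e["paths"] else e["body"]))
        # 3. A registration whose target file is absent.
        if "(no file)" in e["body"] or "(file missing)" in e["body"]:
            findings.append(("dangling-entry", e["body"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"{kind:22} {detail}")
```
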

Post by Blade81 » November 2nd, 2006, 2:04 am

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete the following files, if found:
C:\Documents and Settings\Dave & Abbi\Application Data\winantispyware2006freeinstall[1].exe
C:\Documents and Settings\Dave & Abbi\Local Settings\Temp\mst54A.tmp


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,
    click YES
  • Once you click yes, your desktop will go blank as it starts removing
    Vundo.
  • When completed, it will prompt that it will reboot your computer,
    click OK.
  • Please post the contents of C:\vundofix.txt and a new
    HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Post by tidyme » November 2nd, 2006, 7:20 pm

This has been running now all day and still has finished searching. Just wondered how long it normally takes. I will let it run overnight.
tidyme
Regular Member
 
Posts: 20
Joined: October 30th, 2006, 1:28 pm

Post by Blade81 » November 3rd, 2006, 1:54 am

tidyme wrote: This has been running now all day and still has finished searching. Just wondered how long it normally takes. I will let it run overnight.

Do you mean Vundofix? It shouldn't take too much time.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland