Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help with Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby maxxpower71 » April 16th, 2007, 8:12 pm

After I complete the final step, that should be it. I ran Spybot and it still found the Smitfraud problem. I havent had any pop-ups after though. Maybe Spybot is finding something that is dead. Thanks for all the help.
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm
Advertisement
Register to Remove

Unread postby maxxpower71 » April 16th, 2007, 8:17 pm

Spybot didnt finish when I posted this and it found a bunch of tracking cookies.
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

Unread postby tim s » April 16th, 2007, 8:30 pm

Hi maxxpower71

I need you to run this online scan it shows things that Panda doesn't.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
*Note: You must use Internet Explorer browser for this scan to work not Mozilla Firefox.

  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

----------------------------------------------------------------

Post in next rely
kaspersky scan log
New HJT log
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Kaspersky Report

Unread postby maxxpower71 » April 17th, 2007, 9:26 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 17, 2007 9:23:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/04/2007
Kaspersky Anti-Virus database records: 298687
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\

Scan Statistics:
Total number of scanned objects: 65124
Number of viruses found: 9
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:26:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\istdownload[1].exe.bac_a02164 Infected: Trojan-Downloader.Win32.IstBar.pn skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\uninstaller.prod.v1002.23mar2006.exe[1].0c49b348ce1d3b9g.bac_a02164 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.n skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\wmplayer.exe.tmp.bac_a02164 Infected: Trojan-Downloader.Win32.Small.bem skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb.dll.bac_a02164 Infected: Trojan-Downloader.Win32.IstBar.pb skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysbactivex.dll.bac_a02164 Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb[1].dll.bac_a02164 Infected: Trojan-Downloader.Win32.IstBar.pb skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb_regular[1].cab.bac_a02120/ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb_regular[1].cab.bac_a02120 CAB: infected - 1 skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb_regular[1].cab.bac_a02120 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb_regular[1].cab.bac_a02164/ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb_regular[1].cab.bac_a02164 CAB: infected - 1 skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ysb_regular[1].cab.bac_a02164 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\WinPFind3u\MovedFiles\WINDOWS\iihihf.dll Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Desktop\WinPFind3u\MovedFiles\WINDOWS\khiiff.dll Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Temp\Perflib_Perfdata_b74.dat Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Temp\~DF27E4.tmp Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alberto.ALBERTO-4E1730A\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Logs\{3B596FA3-6632-4CB0-9E98-DAF53645B754}.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Logs\{9EC99D7D-BA68-41B3-BFE4-DCDD2A2B2954}.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\History\History.IE5\MSHist012007041420070415\index.dat Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Temp\~DFB0E0.tmp Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\My Documents\FOTOS DE VESTIDO NO ABRIR\P1010558.JPG Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\My Documents\FOTOS DE VESTIDO NO ABRIR\P1010559.JPG Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\My Documents\FOTOS DE VESTIDO NO ABRIR\P1010560.JPG Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nimia.ALBERTO-4E1730A\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ewido\security suite\Quarantine\quaraFile8.ess/packed Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\Program Files\ewido\security suite\Quarantine\quaraFile8.ess GZIP: infected - 1 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\RECYCLER\S-1-5-21-790525478-1085031214-682003330-1004\Dc128.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\RECYCLER\S-1-5-21-790525478-1085031214-682003330-1004\Dc129.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\RECYCLER\S-1-5-21-790525478-1085031214-682003330-1004\Dc130.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1F7F96F8-265A-4AA7-8FAF-96B7D1ED7D6E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{80352240-C8EF-47A0-A91E-5C6C50662F1E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_faKGy8zpGZXdHW1 Object is locked skipped
C:\WINDOWS\Temp\mcafee_h66VcRfobMM9SLW Object is locked skipped
C:\WINDOWS\Temp\mcafee_Pt00WwWgXs25FkR Object is locked skipped
C:\WINDOWS\Temp\mcmsc_48qdG0ftOKYB8mH Object is locked skipped
C:\WINDOWS\Temp\mcmsc_4ImrvKmGUKjWHHl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_dUQUZCNwTjYSasC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_P6HNUnesSknwjFI Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ufWPFidLrRPJq2g Object is locked skipped
C:\WINDOWS\Temp\sqlite_BrpiJQPXX10UfMx Object is locked skipped
C:\WINDOWS\Temp\sqlite_cSsTLORg60CmSlw Object is locked skipped
C:\WINDOWS\Temp\sqlite_nibTo7NTYQAhOXs Object is locked skipped
C:\WINDOWS\Temp\sqlite_p0ecWFif7SneVwV Object is locked skipped
C:\WINDOWS\Temp\sqlite_t1Ejb7f7fZs3dIi Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

HJT Log

Unread postby maxxpower71 » April 17th, 2007, 9:27 pm

Logfile of HijackThis v1.99.1
Scan saved at 9:26:03 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiS ... mboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O23 - Service: McAfee Application Installer Cleanup (0024861176639926) (0024861176639926mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002486~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
maxxpower71
Active Member
 
Posts: 14
Joined: April 12th, 2007, 8:03 pm

Unread postby tim s » April 17th, 2007, 11:26 pm

Hi maxxpower71

Use window explorer here to navigate to:

C:\Documents and Settings\Alberto.ALBERTO-4E1730A\.housecall6.6\Quarantine\ <<<< Navigate to this folder and clean it out.

--------------------------------------------------------------------------------

C:\Program Files\ewido\security suite\Quarantine\ <<<< This folder has infected files in it.
ewido\security suite is the older verison it is now updated to AVG Anti-Spyware 7.5 <<< new name used to be Ewido
You can uninstall this verison ewido\security suite

I didn't see the older verison in your logs, I would of had you uninstall that one first before installing the new verison. After unistalling Ewido let me know if it caused the new verison not to run. If it does you will have to uninstall the new verison and redownload and install again.

----------------------------------------------------------------------------

C:\RECYCLER\S-1-5-21-790525478-1085031214-682003330-1004\Dc128.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\RECYCLER\S-1-5-21-790525478-1085031214-682003330-1004\Dc129.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\RECYCLER\S-1-5-21-790525478-1085031214-682003330-1004\Dc130.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
Here empty out your recycle bin

-----------------------------------------------------------------------------

Your version of Java is now outdated. Java vulnerabilites are commonly exploited by viruses. You need to update.

Download the latest version of Java Runtime Environment (JRE) 6u1
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u 1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click Start then Control Panel > then Add/Remove Programs and remove all older versions of Java.
  • Remove any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed to complete uninstall.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

-------------------------------------------------------------------------

Here I am going to get you to boot in safe mode and run Spybot again and let me know if it finds Smitfraud.

Open spybot here and let it check for updates before booting into safe mode.
After Spybot gets done updating close without running >>> boot into safemode.



Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Open Spybot and run scan.
-----------------------------------------------------------------------

Post a new HJT log and let me know what Spybot scan found.
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby tim s » April 23rd, 2007, 10:22 pm

Hi maxxpower71

Are you still needing any help.

tim s
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Elrond » April 29th, 2007, 12:46 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware