
infected -ucleaner and udefender - hijack this log included


by junkdave » July 15th, 2007, 10:45 am

Thanks, Without Recycler lines:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 14, 2007 8:39:10 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/07/2007
Kaspersky Anti-Virus database records: 362153
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 214488
Number of viruses found: 5
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 07:40:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3C651B32-213D-49DB-B46B-C12CE36B6D7E}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{E2A7061D-274C-434C-AE5B-4ECC03E9FF57}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MWL\Dave 2-PrestoGui_2007-07-13.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MWL\SYSTEM-netlib_2007-07-13.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MWL\SYSTEM-PrestoSvc_2007-07-13.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\295476f3af5c1192f232d621b1777542_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e24ecc92d5d2ece117f5ebdcf6da11d_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d568551c2c69dacdb116937741758b1_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\805aa1b0860d2bb02e7049ef71a1336a_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8562d0f691f88d3ae549469505d87b83_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7176eac29bd4f0861d366a73f77662d_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acc8e308fd783c74aa49fa52a889e897_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af042b03f40a391c6ba2bafd47ccbfc3_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7f883fa7ecfcde8f5639c3aeb9b7ca6_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6a44253364218a138e1aa18a77737e1_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10242006-230834.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Employee_blank.doc Object is locked skipped
C:\Documents and Settings\Dave 2\Application Data\Adobe\Acrobat\7.0\Tex.err Object is locked skipped
C:\Documents and Settings\Dave 2\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Dave 2\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Dave 2\Application Data\Microsoft\Outlook\Outlook~1.srs Object is locked skipped
C:\Documents and Settings\Dave 2\Application Data\QSPMShare Object is locked skipped
C:\Documents and Settings\Dave 2\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Dave 2\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbdam Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbdao Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbeam Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbeao Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbm Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\fii.cf1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\hp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Google\Google Desktop\0851c993373c\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Microsoft\Outlook\archive1.pst Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D6D9DA56-BDC9-4CD4-AD31-00737F4348AC} Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\GatherLogs\MyIndex\MyIndex.218.Crwl Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\GatherLogs\MyIndex\MyIndex.218.gthr Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\0001000E.ci Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\DocId.Map Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.Dir Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h0 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h0.Dir Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h1 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h1.Dir Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h3 Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h4A Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h4A.Dir Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h4B Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.h4B.Dir Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Hash.gthr.idx Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Idm.gthr Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Projects\MyIndex\MyIndex.Ntfy391.gthr Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Properties\MSS.log Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Properties\MSStmp.log Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Properties\RSApp.edb Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Applications\RSApp\Properties\tmp.edb Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Logs\MAPI.txt Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Temp\rssgthrsvc\Ntf3A.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Temp\rssgthrsvc\Ntf3B.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\MSN Toolbar Suite\DS\Temp\rssgthrsvc\Perflib_Perfdata_10e4.dat Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\History\History.IE5\MSHist012007071320070714\index.dat Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temp\Acr42BF.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temp\JET27.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temp\JET4331.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temp\~DF39FA.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temp\~DF6577.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temp\~DFDAD7.tmp Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dave 2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix\Process.exe Object is locked skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix\Reboot.exe Object is locked skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Dave 2\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dave 2\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Multimedia\MPP\AtmosphereMPP.mpp Object is locked skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/14/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/16/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe Ghost Installer: infected - 5 skipped
C:\Program Files\Enigma Software Group\SpyHunter\Download\spyhunter_update.exe UPX: infected - 5 skipped
C:\Program Files\Enigma Software Group\SpyHunter\EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Enigma Software Group\SpyHunter\SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Glance\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1540 skipped
C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{3CB41017-F5CA-4C56-934C-ED02156251E6}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{47808F78-F178-49DC-B708-15FE538B16FF}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{523E6F2A-2D59-4D91-90E8-6C49931C9F50}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B6E70EDD-6255-4DB7-9A43-F54D8462D987}\setup.ilg Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP247\A0040551.ocx Infected: Trojan.Win32.FaceCodec.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0041311.exe Infected: Trojan-Downloader.Win32.Alphabet.j skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP258\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4710D7D4-100F-4CC8-BDC9-CD0786580A57}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\Logfiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_ioEDtbicsRU3ObR Object is locked skipped
C:\WINDOWS\Temp\mcafee_pClUWlYubChviNb Object is locked skipped
C:\WINDOWS\Temp\mcmsc_i7A4NSl3cfqKhdI Object is locked skipped
C:\WINDOWS\Temp\mcmsc_JecMewnKMd7A5wC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_mWVngMMhHXyuFG3 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_nwSPPbVaZGRttW8 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_wDXZshOxweMguKD Object is locked skipped
C:\WINDOWS\Temp\spnserv.dat Object is locked skipped
C:\WINDOWS\Temp\spserv.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_7ECsICloFo79UWV Object is locked skipped
C:\WINDOWS\Temp\sqlite_a5MUnv90oeRgDpy Object is locked skipped
C:\WINDOWS\Temp\sqlite_b01LebuggIlW6m4 Object is locked skipped
C:\WINDOWS\Temp\sqlite_bB7yiaoxVYiPoqs Object is locked skipped
C:\WINDOWS\Temp\sqlite_GdEnvfeyv4JvUqp Object is locked skipped
C:\WINDOWS\Temp\sqlite_HxpUPhXUsIRssMb Object is locked skipped
C:\WINDOWS\Temp\sqlite_otWcbI77nYgManP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
junkdave
Active Member
 
Posts: 11
Joined: July 11th, 2007, 11:29 am

by random/random » July 16th, 2007, 6:59 am

I see you have SpyHunter installed

It used to be on the rogue list at
http://www.spywarewarrior.com/rogue_anti-spyware.htm
While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs (1), we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize (1). Given the many excellent competing anti-spyware applications that are available (some for free), users would do better looking elsewhere for trustworthy anti-spyware protection.


And Kaspersky detects it as not-a-virus:FraudTool.Win32.SpyHunter.b, and some other trusted antivirus vendors also detect it in a similar way.

Aside from that:

You can delete smitfraudfix & fixwareout & the C:\fixwareout\ folder

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot.

    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis
  2. Keep your antivirus and firewall updated
  3. Keep Windows up to date with the latest patches

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
  4. Install SpywareBlaster
    SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster here
    Make sure to update it on a regular basis
  5. Install IE-SPYAD
    Download and instructions located here
    Make sure to update it on a regular basis
  6. Use a HOSTS file
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit Enter, then locate DNS Client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  7. Install and use Ad-aware & Spybot search & destroy
    Instructions are located here
    Make sure to update them on a regular basis
  8. Most exploits are aimed at Internet Explorer, so I recommend you switch to an alternative browser
    Two good alternative browsers are
    Firefox
    Opera
    It is essential to update to the latest version of your browser, as the updates fix known security holes
  9. Even if you do decide to switch to another browser, it is still a good idea to lock down Internet Explorer
    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Change the allow paste operations via script to Disable
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  10. Clean out your temp files on a regular basis
    I use and recommend ATF Cleaner by Attribune
    To use it, follow these instructions
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Main at the top and choose Select All from the list.
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
  11. Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
random/random
Developer
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
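
Added example (not part of the original thread and not any poster's code): a Python triage of the Kaspersky Online Scanner object list posted above. It drops the "Object is locked" entries, folds archive members into their host file, and tags hits that sit in a System Restore point or carry the not-a-virus: prefix. The sample lines are excerpted from that report; treating "/" as the archive-member separator and the bucket names are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines excerpted from the report posted in this thread (not the full log).
SAMPLE_REPORT = r"""
C:\Documents and Settings\Dave 2\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave 2\My Documents\Downloads\Malware Fixes\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Program Files\Enigma Software Group\SpyHunter\SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Program Files\Glance\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1540 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP247\A0040551.ocx Infected: Trojan.Win32.FaceCodec.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0041311.exe Infected: Trojan-Downloader.Win32.Alphabet.j skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
"""

# Paths contain spaces, so each pattern anchors on the status text at the end.
LOCKED = re.compile(r"^(?P<path>.+) Object is locked (?P<action>\w+)$")
DETECTION = re.compile(r"^(?P<path>.+) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# Per-container roll-up lines such as "RarSFX: infected - 2 skipped".
CONTAINER = re.compile(r"^.+: infected - (?P<count>\d+) (?P<action>\w+)$")

RESTORE_MARK = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Detection:
    host_file: str          # file on disk; archive members are folded into it
    verdict: str            # detection name as printed by the scanner
    riskware: bool          # verdict carries the "not-a-virus:" prefix
    in_restore_point: bool  # file lives under a System Restore point


def triage(report_text):
    """Return (detections, stats) for the object list of a scan report."""
    stats = Counter()
    seen = {}
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            # File was open in another process and could not be read:
            # this is scan coverage noise, not a detection.
            stats["locked"] += 1
            continue
        m = DETECTION.match(line)
        if m:
            stats["infected_lines"] += 1
            # Assumption: "/" separates archive members from the host file.
            host = m["path"].split("/", 1)[0]
            verdict = m["verdict"]
            seen[(host.lower(), verdict)] = Detection(
                host_file=host,
                verdict=verdict,
                riskware=verdict.startswith("not-a-virus:"),
                in_restore_point=RESTORE_MARK in host.lower(),
            )
            continue
        if CONTAINER.match(line):
            stats["container_summaries"] += 1
            continue
        stats["unparsed"] += 1
    detections = sorted(seen.values(), key=lambda d: d.host_file.lower())
    return detections, stats


def bucket(d):
    """Hypothetical bucket names used only by this example."""
    if d.in_restore_point:
        return "restore-point"   # addressed by the System Restore flush in step 1
    if d.riskware:
        return "riskware"        # tool flagged by the scanner, not a trojan verdict
    return "malware"             # detection in a live location


if __name__ == "__main__":
    detections, stats = triage(SAMPLE_REPORT)
    print(dict(stats))
    for d in detections:
        print(f"{bucket(d):14} {d.verdict:45} {d.host_file}")
```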

by NonSuch » July 24th, 2007, 4:16 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California
