Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected with VirusBurster, Help!

Unread post by Fishstyx » November 28th, 2006, 11:32 pm

Logfile of HijackThis v1.99.1
Scan saved at 10:31:44 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Upromise_Remind_U\u11050.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Malware Stuff\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Brain Codec\iesplugin.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpromiseRemindU] "C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU. - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7895776056
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

Unread post by tim s » November 29th, 2006, 1:33 am

Hi Fishstyx,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread post by Fishstyx » November 29th, 2006, 3:31 am

No problem, thanks for the help.
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

Unread post by tim s » November 29th, 2006, 2:00 pm

Hi Fishstyx

I need to get you to uninstall ewido anti-spyware 4.0. It has a new version out now that I will get you to download later in the next post; please do not install the new version yet. When it is running it can interfere with the fix.

-----------------------------------------------

Please do the following:

Add/Remove Programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following:

    ewido anti-spyware 4.0

You will need to reboot computer to complete uninstall.

-------------------------------------------------

Download SmitfraudFix (by S!Ri) from Here to your Desktop.

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

-------------------------------------------------

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis

Image

2. Click on the Open the Misc tool section button
3. Click on the Misc Tools button

Image

4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save list button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply. Note: please uncheck Word Wrap under Format in Notepad.

Post HJT Uninstall list in next reply

----------------------------------------------------

Please post in your next reply:
rapport.txt
HJT uninstall list
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread post by Fishstyx » November 30th, 2006, 3:00 am

SmitFraudFix v2.125

Scan done at 1:45:45.56, Thu 11/30/2006
Run from C:\Malware Stuff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\xxfgmy.dll FOUND !


20,000 Recipes
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Apple Software Update
avast! Antivirus
BellSouth® FastAccess® Connection Manager
CCHelp
CCleaner (remove only)
CCScore
Citrix ICA Client
Comcast High-Speed Internet Install Wizard
Desktop Doctor
Dragon NaturallySpeaking 8
EA.com Update
Easy CD Creator 5 Basic
EPSON Printer Software
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
First Step Guide
HijackThis 1.99.1
HLPIndex
HLPRFO
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
ImageMixer VCD2
Intermediate Accounting
Internet Explorer Security Plugin 2006
Internet Security Add-On
iPod for Windows 2005-09-23
iPod for Windows 2005-10-12
iPod for Windows 2005-11-17
iPod for Windows 2006-01-10
iPod Updater 2004-08-06
IrfanView (remove only)
iTunes
J2SE Development Kit 5.0 Update 7
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 7
Kodak EasyShare software
KSU
LimeWire 4.12.6
Macromedia Flash Player
Mahjong Escape (remove only)
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.0.4)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Nortel Networks Contivity VPN Client
Notifier
OTtBP
OTtBPSDK
Panda ActiveScan
PCDADDIN
PCDHELP
PCDLNCH
Peachtree Complete Accounting 2003
Photo Album
Picture Package
PokerRoom.com (remove only)
Public Messenger ver 2.03
QuickTime
Security Toolbar
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFR
SFR2
SimCity 4 Deluxe
SmartUndelete
SnagIt 7
Sony USB Driver
Spybot - Search & Destroy 1.4
Sub Command
Super Word Power
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Upromise remindU
VPRINTOL
Walgreens PhotoShow Express
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Toolbar
ZoneAlarm

Logfile of HijackThis v1.99.1
Scan saved at 1:59:20 AM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Upromise_Remind_U\u11050.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Malware Stuff\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpromiseRemindU] "C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU. - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7895776056
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

Unread post by tim s » November 30th, 2006, 9:22 pm

Hi Fishstyx,

Thanks for posting logs. I was just informed that SmitFraudFix v2.125 has been updated to Version 2.126. Sorry, but I need you to right click SmitFraudFix v2.125 and choose delete.

Please redo this part again and post the log. The last SmitFraudFix log was not complete. Please copy and paste the entire log. Thanks.
Notepad > Edit > Select all > Copy & then paste as reply
-----------------------------------------------
Download SmitfraudFix (by S!Ri) from Here to your Desktop.

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!


Please post back:
rapport.txt
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread post by Fishstyx » November 30th, 2006, 10:14 pm

SmitFraudFix v2.126

Scan done at 21:13:25.65, Thu 11/30/2006
Run from C:\Malware Stuff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\xxfgmy.dll FOUND !





»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SHAD


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Brain Codec\ FOUND !
C:\Program Files\Virus-Bursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_CLASSES_ROOT\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm
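
The cross-check a helper makes by eye between the HijackThis log and SmitFraudFix's rapport.txt in this thread, as an added example (not part of any post, and not code from HijackThis or SmitfraudFix). The sample lines are excerpts copied from the logs above; the function names and the line formats inferred from those logs are assumptions.

```python
import re

# Excerpts copied from the HijackThis log and rapport.txt posted in this thread.
HJT_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Brain Codec\iesplugin.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
"""

RAPPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\xxfgmy.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Brain Codec\ FOUND !
C:\Program Files\Virus-Bursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_CLASSES_ROOT\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"
"""

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SECTION = re.compile(r"^»+\s*(?P<name>.+)$")
FOUND = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+FOUND !$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^(?:"(?P<name>[^"]*)"|@)="(?P<data>.*)"$')


def parse_hjt(text):
    """Return one dict per HijackThis entry line: section code, CLSID, file path."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HJT_LINE.match(line)
        if not m:
            continue
        clsid = CLSID.search(m.group("rest"))
        # Anchor on " - <drive>:\" so a " - " inside the path (Spybot) is kept.
        path = re.search(r" - ([A-Za-z]:\\.+)$", m.group("rest"))
        entries.append({"code": m.group("code"),
                        "clsid": clsid.group(0).lower() if clsid else None,
                        "path": path.group(1) if path else None})
    return entries


def parse_rapport(text):
    """Return ([(section, flagged_path)], {registry_key: {value_name: data}})."""
    found, registry, section, key = [], {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, key = m.group("name"), None
        elif m := FOUND.match(line):
            found.append((section, m.group("path")))
        elif m := REG_KEY.match(line):
            key = m.group("key")
            registry[key] = {}
        elif key and (m := REG_VAL.match(line)):
            registry[key][m.group("name") or "@"] = m.group("data")
    return found, registry


def correlate(entries, found, registry):
    """List HijackThis entries that the rapport independently points at."""
    files = {p.lower() for _, p in found if not p.endswith("\\")}
    folders = [p.lower() for _, p in found if p.endswith("\\")]
    sts, inproc = set(), {}
    for key, vals in registry.items():
        if key.lower().endswith("\\sharedtaskscheduler"):
            sts |= {name.lower() for name in vals}
        m = CLSID.search(key)
        if m and key.lower().endswith("\\inprocserver32") and "@" in vals:
            inproc[m.group(0).lower()] = vals["@"].lower()
    hits = []
    for e in entries:
        path, reasons = (e["path"] or "").lower(), []
        if path in files:
            reasons.append("file flagged")
        if any(path.startswith(f) for f in folders):
            reasons.append("inside flagged folder")
        # The tool itself warns these keys are "not inevitably infected":
        # only report the CLSID when it resolves to the same DLL HijackThis shows.
        if e["clsid"] in sts and inproc.get(e["clsid"]) == path:
            reasons.append("SharedTaskScheduler CLSID resolves to this DLL")
        if reasons:
            hits.append((e["code"], e["path"], reasons))
    return hits


def triage(hjt_text, rapport_text):
    return correlate(parse_hjt(hjt_text), *parse_rapport(rapport_text))


if __name__ == "__main__":
    for code, path, reasons in triage(HJT_LOG, RAPPORT):
        print(f"{code:<4}{path}  <- {'; '.join(reasons)}")
```
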

Unread post by tim s » December 1st, 2006, 3:26 pm

Hi Fishstyx,

Thanks for posting the log.

These Add or Remove Programs entries correspond to programs that are either malware, install malware, or are bundled with malware.

Internet Explorer Security Plugin 2006
Internet Security Add-On
PokerRoom.com (remove only)
Public Messenger ver 2.03
Security Toolbar



If you did not knowingly install this yourself, add it to the remove-program list to be uninstalled.
Upromise remindU

This is for Upromise.com which is a website that helps you save for college for your kids. It is partnered with large corporations that will donate a certain percentage of purchases of their products to a 529 College Fund. The Upromise RemindU is a service that runs and tells you when you are on a partners website, so you can log on and receive the donation.

See www.upromise.com for more information.
--------------------------------------------------------

Please do the following:

Add/Remove Programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following:

    Internet Explorer Security Plugin 2006
    Internet Security Add-On
    PokerRoom.com (remove only)
    Public Messenger ver 2.03
    Security Toolbar
    Upromise remindU
    If you did not install this yourself.
You will need to reboot computer to complete uninstall.

---------------------------------------------------------

Please do the following:
*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here. It will start to download. If asked whether you want to download, let it. Save to your Desktop.
To clean temp files from your computer:

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Follow the prompts to install, then Finish to complete the installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," make sure there is a check mark in the "Cookies" box. It should already have a check mark. (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to put a check in for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
_______________________________

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account. Tutorial if needed Here
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please restart it manually.
Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
  1. c:\rapport.txt
  2. AVG Anti-Spyware log
  3. A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Fishstyx » December 1st, 2006, 5:23 pm

Tim,
I've run into a problem after I reboot in Safe Mode and then try to run smitfraudfix.cmd. The tool opens and allows me to enter "2" for clean. The tool starts up but then the screen goes all black and nothing happens. The only thing visible is the line on top and the two "Safe Mode" on the bottom left and right of the screen.

I let it sit like that for 15 minutes with no results. Is this normal?

Shad
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

reply

Unread postby tim s » December 3rd, 2006, 10:06 am

Hello Fishstyx,

Sorry for the delay in replying. I am checking into the problem you are having with running smitfraudfix in safe mode.
I am waiting on a reply from an MRU expert to make sure that I have your next post to this problem written correctly for you. Thank you for your patience.

tim s
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

r

Unread postby tim s » December 3rd, 2006, 12:31 pm

Hi Fishstyx,

Please do the following to see what is happening here.


Copy/paste the following quote box (just what is inside the white area of box nothing outside of it) into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt
start notepad look.txt


Save it to your Desktop as look.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: look.bat

Locate look.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply.
-------------------------------------------------------------

Next ... Click Start > Run, and paste the following into the box, then click OK: ( just what is in red)

regedit /e /a C:\show.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

That will export the contents of that registry key to C:\show.txt file.

Open c:\show.txt in Notepad and copy/paste the content as a reply.

---------------------------------------------------------------

Please post in next reply:
look.bat results
C:\show.txt file
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
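
The SafeBoot export requested in the post above can be checked mechanically. The following is an added example, not part of the original post or of any tool named in this thread: it parses a regedit /e /a (REGEDIT4) export, checks AlternateShell against the Windows default cmd.exe, and diffs the SafeBoot\Minimal and SafeBoot\Network entries against an export from a known-good machine. Both sample exports, and the names example_shell.exe and example_driver.sys, are constructed, and comparing against a known-good baseline is an assumption of this example.

```python
"""Audit a REGEDIT4 export of the SafeBoot key against a known-good export."""
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
EXPECTED_ALTERNATE_SHELL = "cmd.exe"  # Windows default for Safe Mode with Command Prompt

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches @="data" or "name"="data"; other value types (dword:, hex:) are skipped.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; names are lower-cased because
    registry key and value names are case-insensitive. '@' is the default value."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not an ANSI (REGEDIT4) export; use regedit /e /a")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1).lower(), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = value.group(1)
            name = "@" if name == "@" else _unescape(name[1:-1]).lower()
            current[name] = _unescape(value.group(2))
    return keys


def safeboot_entries(keys, mode):
    """Map each entry directly under SafeBoot\\<mode> to its type string."""
    prefix = (SAFEBOOT + "\\" + mode + "\\").lower()
    return {
        path[len(prefix):]: values.get("@", "")
        for path, values in keys.items()
        if path.startswith(prefix) and "\\" not in path[len(prefix):]
    }


def audit(export_text, baseline_text):
    """Return a list of findings; an empty list means the export matches."""
    keys, base = parse_reg_export(export_text), parse_reg_export(baseline_text)
    findings = []
    shell = keys.get(SAFEBOOT.lower(), {}).get("alternateshell")
    if shell is None or shell.lower() != EXPECTED_ALTERNATE_SHELL:
        findings.append(
            f"AlternateShell is {shell!r}, expected {EXPECTED_ALTERNATE_SHELL!r}")
    for mode in ("Minimal", "Network"):
        have, want = safeboot_entries(keys, mode), safeboot_entries(base, mode)
        for name in sorted(want.keys() - have.keys()):
            findings.append(f"{mode}: missing {name}")
        for name in sorted(have.keys() - want.keys()):
            findings.append(f"{mode}: unexpected {name} ({have[name]})")
        for name in sorted(have.keys() & want.keys()):
            if have[name] != want[name]:
                findings.append(
                    f"{mode}: {name} is {have[name]!r}, baseline has {want[name]!r}")
    return findings


# Constructed known-good export (a small subset, for illustration only).
BASELINE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"
"""

# Constructed export showing the three kinds of difference the audit reports.
SUSPECT_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="example_shell.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\example_driver.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Driver"
"""

if __name__ == "__main__":
    for finding in audit(SUSPECT_EXPORT, BASELINE_EXPORT):
        print(finding)
```

To use it on a real machine, read C:\show.txt and a baseline export taken from a clean installation of the same Windows version, and pass both texts to audit().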

Unread postby Fishstyx » December 3rd, 2006, 4:25 pm

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PROCESSOR_ARCHITECTURE REG_SZ x86
PROCESSOR_LEVEL REG_SZ 15
PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_REVISION REG_SZ 0204
NUMBER_OF_PROCESSORS REG_SZ 1
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
FP_NO_HOST_CHECK REG_SZ NO
tvdumpflags REG_SZ 8
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip

Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

reply

Unread postby tim s » December 4th, 2006, 7:50 pm

Hello Fishstyx,

Ok we are going to try something different.

Download smitRem.exe, saving the file to your desktop.
  • Double click it to extract the contents to a folder of its own.
  • Restart your computer in safe mode
  • Open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete.
  • Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
------------------------------------------------

Now reboot into safe mode again and do the following:
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the "Scan your PC" button. NOTE: If you have a popup blocker enabled you will have to allow popups here.
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes. You may have to reboot here and start back with step 1. I did.)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply with others requested.
------------------------------------------------

Please post:
  1. AVG Anti-Spyware log
  2. A new HijackThis log
  3. Panda's ActiveScan report
You may need several replies to post the requested logs, otherwise they might get cut off.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Fishstyx » December 5th, 2006, 6:26 pm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:32:27 PM 12/4/2006

+ Scan result:



C:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP188\A0034232.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
G:\Hudgins\Personal\Programs\Date Manager\DateManager.exe -> Adware.Gator : Cleaned with backup (quarantined).
I:\Hudgins\Personal\Programs\Date Manager\DateManager.exe -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Upromise_Remind_U\u11050.exe -> Adware.Rebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP191\A0035075.dll -> Downloader.Zlob.ako : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP187\A0033964.exe -> Downloader.Zlob.aku : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP187\A0033963.exe -> Downloader.Zlob.ec : Cleaned with backup (quarantined).
:mozilla.128:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.129:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.130:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.131:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.132:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.133:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.134:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.135:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.136:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.137:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.138:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.139:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.140:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.141:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.154:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.313:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.103:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Addynamix : Error during cleaning.
:mozilla.104:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
:mozilla.105:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.51:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.52:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.53:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.99:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.372:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bfast : Error during cleaning.
:mozilla.178:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bluestreak : Error during cleaning.
:mozilla.249:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning.
:mozilla.250:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning.
:mozilla.251:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning.
:mozilla.252:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : Error during cleaning.
:mozilla.202:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstbeacon : Error during cleaning.
:mozilla.203:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstnet : Error during cleaning.
:mozilla.204:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstnet : Error during cleaning.
:mozilla.205:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstnet : Error during cleaning.
:mozilla.73:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.75:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.76:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.77:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.78:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.79:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.80:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.82:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.83:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.86:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.91:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.92:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.160:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.167:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.253:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.322:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.342:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.377:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.404:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : Error during cleaning.
:mozilla.215:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.216:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.217:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.262:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.263:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.368:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
:mozilla.188:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.189:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.190:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.191:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : Error during cleaning.
:mozilla.165:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.166:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.186:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.187:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning.
:mozilla.192:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning.
:mozilla.373:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : Error during cleaning.
:mozilla.374:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : Error during cleaning.
:mozilla.417:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : Error during cleaning.
:mozilla.418:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : Error during cleaning.
:mozilla.145:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.146:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.285:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Overture : Error during cleaning.
:mozilla.123:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.124:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.125:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.126:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.127:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : Error during cleaning.
:mozilla.278:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.279:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.280:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
:mozilla.281:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.282:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.283:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
:mozilla.222:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.223:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.224:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.225:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
:mozilla.108:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.109:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.110:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.111:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.354:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.119:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.120:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.121:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
:mozilla.158:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning.
:mozilla.159:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Valueclick : Error during cleaning.
:mozilla.411:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Web-stat : Error during cleaning.
:mozilla.412:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Web-stat : Error during cleaning.
:mozilla.413:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Web-stat : Error during cleaning.
:mozilla.157:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning.
:mozilla.81:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.84:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.85:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.87:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.88:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.89:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.90:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.
:mozilla.194:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.
:mozilla.197:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.
:mozilla.198:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:24:07 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Malware Stuff\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpromiseRemindU] "C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU. - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7895776056
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/Rite ... Online.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shad & Judy\Application Data\Mozilla\Firefox\Profiles\cdumdpn2.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shad & Judy\Cookies\shad & judy@atdmt[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shad & Judy\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Shad & Judy\Desktop\smitRem.exe[smitRem/Process.exe]
Possible Virus. Not disinfected C:\fixwareout\FindT\swreg.exe
Possible Virus. Not disinfected C:\Malware Stuff\Hijack this\backups\backup-20060226-230130-924-KVG.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Malware Stuff\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Malware Stuff\smitRem\Process.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.doubleclick.net/]
Spyware:Cookie/Peel Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.peel.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.advertising.com/]
Spyware:Cookie/Peel Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.peel.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.atdmt.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.ads.addynamix.com/]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.z1.adserver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][statse.webtrendslive.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.valueclick.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][server.iad.liveperson.net/hc/13703585]
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.bluestreak.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][server.iad.liveperson.net/hc/9946950]
Spyware:Cookie/Hitslink Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][counter.hitslink.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.mediaplex.com/]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.burstnet.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.ehg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.hitbox.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.serving-sys.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][citi.bridgetrack.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.phg.hitbox.com/]
Spyware:Cookie/Bfast Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.bfast.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][www.myaffiliateprogram.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.www.myaffiliateprogram.com/]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_[cookies.txt][.belnk.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\swreg.exe
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

reply

Post by tim s » December 6th, 2006, 11:40 am

Hello Fishstyx,

Thanks for posting logs. We are making progress now. You have a lot of infected cookies in Firefox that we need to clean out.
There are some things we need to do before we clean out cookies.

Delete these tools and the zip files or exe files they came with. These versions of tools update so quickly there is no reason to keep them:
SmitfraudFix
smitRem.exe
C:\fixwareout

---------------------------------------------------

Please do the following:

Disable programs that can interfere with the HJT fix.
  • Right-click the AVG Anti-Spyware 7.5 Tray Icon (on bottom right corner of monitor screen) and choose Exit. Confirm by clicking Yes.

-------------------------------------------------------

To enable the viewing of Hidden files follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Double-click on the My Computer icon (or click Start, then select My Computer)
  3. Select the Tools menu and click Folder Options.
  4. After the new window appears select the View tab.
  5. Put a checkmark in the checkbox labeled Display the contents of system folders.
  6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  9. Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.
-------------------------------------------------------

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll (file missing)


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.
------------------------------------------------------

Use Explorer to navigate to and delete the following file and folder (if they are present) just what is in red:

Files:

  • C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url


Folders:

  • C:\Program Files\Brain Codec

Reboot computer
-----------------------------------------------------

Here we are going to clean out cookies

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here. It will start to download. If asked whether you want to download, let it. Save to your Desktop.
To clean temp files from your computer:

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Follow the prompts to install, then click Finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," make sure there is a check mark in the "Cookies" box. It should already have a check mark. (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to put a check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If already checked, move to the next step.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
  • You will need to reboot here if not asked to do so. <<<< When you reboot, boot into Safe Mode again.
-----------------------------------------------------------

Now rerun AVG Anti-Spyware the same as before and save the report.
When finished, boot back to normal mode.
------------------------------------------------------------

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses. You need to update.

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10
  • Scroll down to where it says "Java Runtime Environment (JRE) 5.0 Update 10".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click Start>Run type in appwiz.cpl and hit Enter and remove all older versions of Java.
  • Remove any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.

---------------------------------------------------------

Please post in next reply:
c:\smitfiles.txt <<<<<< from smitRem scan I forgot to ask to see in last post
AVG Anti-Spyware log
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
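
The HijackThis step in the post above targets an O2 entry marked "(file missing)", while two O23 avast! service lines in the same log carry that flag on a path that ends in a quote and an argument. As an added example (not part of the original posts and not a HijackThis feature), this Python parser reads log lines in the v1.99.1 format shown in this thread and separates the two cases; the function names and the quote heuristic are assumptions of the example.

```python
import re

# Lines copied from the HijackThis v1.99.1 log posted in this thread (an excerpt,
# not the full log), plus two header lines to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# An entry line starts with a section code such as R1, O2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path in the body. Splitting on " - " would break on
# folder names that contain it, e.g. "Spybot - Search & Destroy".
PATH_RE = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\.*$")
MISSING_TAG = "(file missing)"


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; headers and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.group(1), match.group(2)
        missing = body.endswith(MISSING_TAG)
        if missing:
            body = body[: -len(MISSING_TAG)].rstrip()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": path.group(0) if path else None,
            "file_missing": missing,
            "raw": line,
        })
    return entries


def triage_missing(entries):
    """Split 'file missing' entries into orphaned references and ones to verify on disk."""
    orphaned, check_manually = [], []
    for entry in entries:
        if not entry["file_missing"]:
            continue
        # Heuristic (assumption of this example): a quote inside the target means the
        # logged string is a command line rather than a clean file path, so the
        # "missing" flag should be confirmed on disk before the entry is touched.
        if entry["target"] and '"' in entry["target"]:
            check_manually.append(entry)
        else:
            orphaned.append(entry)
    return orphaned, check_manually


if __name__ == "__main__":
    orphaned, check_manually = triage_missing(parse_entries(SAMPLE_LOG))
    for entry in orphaned:
        print("orphaned reference:", entry["code"], entry["clsid"], entry["target"])
    for entry in check_manually:
        print("verify on disk first:", entry["code"], entry["target"])
```
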