Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected with VirusBurster, Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Fishstyx » December 6th, 2006, 9:41 pm

smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Mon 12/04/2006
The current time is: 19:17:04.85

Running from
C:\Malware Stuff\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\vypiqvsr.exe"="C:\\WINDOWS\\system32\\vypiqvsr.exe:*:Disabled:vypiqvsr"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Download Free Spyware Remover.url


~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 764 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:20:14 PM 12/6/2006

+ Scan result:



G:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP194\A0035474.exe -> Adware.Gator : No action taken.
I:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP194\A0035475.exe -> Adware.Gator : No action taken.
C:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP194\A0035473.exe -> Adware.Rebates : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
:mozilla.128:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.129:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.130:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.131:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.132:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.133:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.134:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.135:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.136:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.137:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.138:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.139:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.140:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.141:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.154:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.313:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.103:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.104:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.105:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.51:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.99:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.372:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.178:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.249:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.250:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.251:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.252:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.202:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.203:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.204:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.205:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.73:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.75:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.76:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.77:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.78:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.79:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.80:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.82:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.83:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.86:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.91:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.92:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.160:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.167:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.253:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.322:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.342:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.377:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.404:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.215:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.216:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.217:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.262:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.263:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.368:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.188:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.189:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.190:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.191:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.165:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.166:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.186:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.187:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.192:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.373:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.374:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.417:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.418:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.145:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.146:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.285:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.123:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.124:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.125:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.126:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.127:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.278:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.279:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.280:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.281:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.282:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.283:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.222:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.223:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.224:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.225:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.108:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.109:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.110:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.111:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.354:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.119:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.120:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.121:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.158:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.159:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.411:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.412:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.413:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.157:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.81:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.84:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.85:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.87:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.88:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.89:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.90:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.194:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.197:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.198:C:\Program Files\support.com\backup\co\cookies.txt\50957_599b56090_/cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:40:03 PM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Malware Stuff\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpromiseRemindU] "C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU. - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7895776056
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/Rite ... Online.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm
Advertisement
Register to Remove

reply

Unread postby tim s » December 7th, 2006, 8:32 pm

Hello Fishstyx,

Thanks for posting logs. You still have a lot of infected cookies that were not removed.

Where you able to run Ccleaner?

We will clean the cookies out manually. Please do the following:
  • Click on tools at top of FireFox screen.
  • Choose Clear private date
  • Put a check mark in box next to cookies and Cache if it does not already have one.
  • Click clear private date now button.

-------------------------------------------------------------

When you ran AVG antispyware no action was taken those were not fixed.

I will need you to rerun scan and be careful to click Apply all Actions button before save report button
We will try this in normal mode this time.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
------------------------------------------------------------------

Please post in next reply:
AVG Anti-Spyware
new HJT log
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Fishstyx » December 8th, 2006, 8:14 am

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:06:10 AM 12/8/2006

+ Scan result:



G:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP194\A0035474.exe -> Adware.Gator : Cleaned with backup (quarantined).
I:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP194\A0035475.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2773F7A5-A97D-4117-9649-F0BEC6AFD717}\RP194\A0035473.exe -> Adware.Rebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 7:13:53 AM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Malware Stuff\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpromiseRemindU] "C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU. - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7895776056
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/Rite ... Online.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

reply

Unread postby tim s » December 8th, 2006, 1:45 pm

Hello Fishstyx,
Great job!

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

You can go back and rehide system files:
  1. Close all programs so that you are at your desktop.
  2. Double-click on the My Computer icon (or click Start, then select My Computer)
  3. Select the Tools menu at top of this screen and click Folder Options.
  4. After the new window appears select the View tab.
  5. Remove checkmark in the checkbox labeled Display the contents of system folders.
  6. Under the Hidden files and folders section select the radio button(round circle) labeled Do not Show hidden files and folders.
  7. Put a checkmark in the checkbox labeled Hide file extensions for known file types.
  8. Put a checkmark in the checkbox labeled Hide protected operating system files.
  9. Press the Apply button and then the OK button and shutdown My Computer.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
NOW is the time you can start to hit back at the people who infected you.
Image
Please take the time to go and complain - that forum has a topic for your infection which is ................ please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to goverment or government agances that something will get done.


May your God go with you..
tim s
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Fishstyx » December 8th, 2006, 5:25 pm

Tim,
Thanks so much. You guys do great work here. Very much appreciate all your time and effort.

Shad
Fishstyx
Regular Member
 
Posts: 27
Joined: December 29th, 2005, 5:51 pm

reply

Unread postby tim s » December 8th, 2006, 5:29 pm

You are welcome and I am glad we were able to help :)

Safe surfin'
Image
tim
User avatar
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby NonSuch » December 10th, 2006, 2:04 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware