Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

pleaseeee help... W32.Sinnaka.A@mm

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

pleaseeee help... W32.Sinnaka.A@mm

Unread postby maxthomas » November 7th, 2005, 3:53 pm

i have this viryus and need an experts hand, please help

W32.Sinnaka.A@mm

this is my whole logfile!

Logfile of HijackThis v1.99.1
Scan saved at 19:39:15, on 07/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\SYSTEM32\mssearchnet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\MSGSR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\msnsms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Max\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... ErMwYdS9Q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hpBD83.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÃ
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm
Advertisement
Register to Remove

Unread postby Piney » November 8th, 2005, 1:07 pm

Hello maxthomas and welcome to Malware Removal forum. I will help you with your problem :) Give me a bit of time to look over your log and I'll be back as soon as possible.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

thank you

Unread postby maxthomas » November 10th, 2005, 5:01 am

thank you very much for helping me
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Unread postby Piney » November 10th, 2005, 8:48 pm

Time to roll up our sleeves and get to work!

I need for you to download some programs. Do not use them until directed to do so.

Go to: http://noahdfear.geekstogo.com/clickcou ... k.php?id=1 to download smitRem.exe.
Extract it to it's own folder on your desktop (Right-click on an empty space on your desktop, choose New...Folder. Name it smitRem.

Next, go to: http://download.ewido.net/ewido-setup.exe
" Install Ewido Security Suite
" When installing, under "Additional Options" uncheck..
o Install background guard
o Install scan via context menu
" Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
" On the left hand side of the main screen click update.
" Then click on Start Update.
The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update Ewido
http://www.ewido.net/en/download/updates/
When you have finished updating, EXIT Ewido.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes.
There should not be any opened browsers when you are carrying out the procedures below.
You will want to copy out these instructions and save them to notepad as you will not have internet connection during the fix.
Save the notepad to your desktop where you can find it.

Click on Start>>>Run and type into the box: services.msc click OK
In the page that opens, scroll down and find:
Windows Configuration Loader
Right click on file, and choose Properties
Click Stop under Service status
From the dropdown menu under the heading Startup Type, choose Disable
Click Apply and click OK

Remaining in the Services page, do the same steps with this one:
Hardware Clock Driver
When finished, close the Services page.

Shut down your computer. Remove Internet access by disconnecting your cable from the computer.

Start up your computer, after the first 'beep' begin tapping on the F8 key. A black menu page will appear.
Use your arrow keys to choose Safe Mode (without networking!)
Click on the Enter key.
Your desktop will appear, although it will be very distorted. The words Safe Mode will be in each corner of the desktop.

We need to open up hidden files and folders. Click Start>>>>Control Panel>>>>Folder Options and double click.
Under the View tab scroll down to Hidden Files and Folders
Check Show hidden files and folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended} Answer Yes
Click Apply and click OK

While still in Control Panel, double click on Add/Remove Programs.
Look for and uninstall: IST bar/ISTsvc
You will be prompted to reboot, choose NO

To make scanning easier and quicker, let's get rid of some temp files.
Click Start>>>>Run and type in the box: cleanmgr.exe click OK
Let the application scan your computer, then make sure these 3 are checkmarked:
Temporary Files
Temporary Internet Files
Recycle Bin

click OK and when finished, close the application.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
"Perform action on all infections"
Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop.

Now open the smitRem folder, double-click on the the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Please post that log along with all others requested in your next reply.

Open HJT and scan. Place a check/tick next to these items (if present):
[b][color=red]R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [¢‰¸u0-4C }ïÃ
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Piney » November 11th, 2005, 8:38 pm

We have a great team here :) I'd missed some that need to be taken care of.

oopsie, I need for you to add these to the fix:

In HJT, find and delete (if present} these additional lines:
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hpBD83.tmp
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe

With nothing open except HJT, click the Fix Checked button.

You also need to find and delete every instance of these files:
atidrvxx.exe
cstr.exe
winupdatexx.exe
MSNSRV32.exe
MSNGRx.exe
Sygate32.exe
msnsgn.exe
rtsal.exe
ZoneX.exe
svmhost.exe
winasp.exe

You will need to find them via Start>>>Search>>>Files/Folders
click on All files and folders
Choose the Hard Drive ( C: ) and enter each name into the box for file name. This is best done in Safe Mode, so you will need to copy the list and save to notepad on your desktop so you can find it.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

...

Unread postby maxthomas » November 12th, 2005, 3:09 am

thanks, i am trying to go on to Windows Configuration Loader and it loads up then closes instantly, it also does this whenever i try to access device manager!! do u know what is causing this?

Max
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Unread postby Piney » November 12th, 2005, 3:28 am

Your system is very compromised. Let me get one of the experts to take a look-see.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

Unread postby Piney » November 12th, 2005, 12:05 pm

Max tell me what you mean by Windows Configuration loader, please. Have you been able to do the downloads?
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

...

Unread postby maxthomas » November 13th, 2005, 3:45 am

i got the downloads but on one of the furthur steps you tell me to go to windows configuration loader, i do so and it pops up , then disappears straight away!! (it also does that with windows device manager)
and i cant get any furthur than that step as it wont let me get into windows configuration loader.

Thanks for your time.

Max
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

...

Unread postby maxthomas » November 13th, 2005, 3:52 am

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


these 2 below were on my log, is this why i cant acess device manager and windows configuration loader???
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Unread postby Piney » November 13th, 2005, 4:10 am

I wrote for you to disable the Windows Configuration Service by going to Start then Run, and typing in services.msc.

Is it the Services page that won't stay open for you? If so, go on with the next bunch of steps. You will be offline for all that I listed, until you have run the tools, deleted the files and folders, so the Services "Stop/Disable" steps could be done after you have done the cleaning with the tools I had you download, and deleted the programs and files.

While you are in safe mode, you can try to go to the Services and stop those.

Max, I know this has you frustrated and concerned!

Just copy out the instructions and do the steps (leaving the services part until you are in safe mode.}

Work carefully so you don't delete the wrong items. I would strongly urge you to not use your computer for going online, until you have finished the steps I outlined for you.
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

..

Unread postby maxthomas » November 13th, 2005, 4:17 am

cheers mate, what is hjt by the way?
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Unread postby Piney » November 13th, 2005, 4:45 am

I'm sorry HJT=HijackThis
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm

...

Unread postby maxthomas » November 13th, 2005, 6:55 am

HJT SCAN FILE

Logfile of HijackThis v1.99.1
Scan saved at 10:53:27, on 13/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Max\Desktop\pcc_14_win_en.exe
C:\Program Files\Trend Micro\PCC2006_1400_1341\Setup\setup.exe
C:\Program Files\Trend Micro\PCC2006_1400_1341\Setup\pcc.exe
C:\WINDOWS\System32\MSIEXEC.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Documents and Settings\Max\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/mi ... Loader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/defaul ... online.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BU ... ofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe



ewido scan

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:09:24, 13/11/2005
+ Report-Checksum: 68687832

+ Scan result:

C:\Documents and Settings\Max\Cookies\max@e-2dj6wjmiegc5oaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\hpB68E.tmp -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End



smit files report


smitRem © log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 13/11/2005
The current time is: 10:10:23.54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Center.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~





Seems to be working ok, hope these scans are now clean?


Thank youuuuu

Max
maxthomas
Regular Member
 
Posts: 16
Joined: November 7th, 2005, 3:40 pm

Unread postby Piney » November 13th, 2005, 1:34 pm

Let me check it over, I've not got my eyes open yet :roll:

Is the computer working better? Any problems with going into device manager now?

Did you have any problem working through the list of things I gave you to do? Other than what you posted before, were there any other problems?

Is your firewall and AVG working with no problem now?

Let me look over the log and I'll get back to you :)
Piney
Retired Graduate
 
Posts: 936
Joined: July 24th, 2005, 2:39 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 278 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware