Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My computer is infected and I need major Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My computer is infected and I need major Help

Unread postby Biggstone78 » May 2nd, 2006, 10:24 am

I have done the required things and have also ran ad-aware se, spy bot, trojan hunter, ewido, spydoctor and a few online scans as well. I still can't get them to fix my computer. I am also running Trend Micros pc-cillin.

Here is the Hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 9:20:51 AM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\1142990364\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924E.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {85F40861-0C59-47E9-8C3E-D9D6544528BB} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142990364\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\MANTEC~1\notepad.exe" -vt yax
O4 - HKCU\..\Run: [Eba] C:\Documents and Settings\Anthony L. Whetstone\My Documents\?racle\d?xplore.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2035975366
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleAc ... refid=1162
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: windvw32 - windvw32.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am
Advertisement
Register to Remove

Unread postby Rogue » May 2nd, 2006, 5:53 pm

Hi Biggstone78,

Welcome to Malware Removal Forums.

As we work together to resolve you problem please read the instructions carefully.
If you have questions please don't hesitate to ask.
The instructions I give are specific to your current problem and should not be used on other problems.
Post your replies to this thread.
Please continue to follow this thread until I have given you an "All Clean." Your intial symptoms may be gone but other issues may be present.
====================

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix should be created on your Desktop.
====================

Open Ewido Anti-Malware

Check for updates
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

Do not run it yet
====================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
Please post rapport.txt along with a new HJT log in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm[/

Please post the following in your reply:
rapport.txt
New HJT Log

Thanks,
Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Biggstone78 » May 2nd, 2006, 7:51 pm

ok here re the new logs. And thank you for taking the time to help me!!!!!


SmitFraudFix v2.37

Scan done at 18:48:02.17, Tue 05/02/2006
Run from C:\Documents and Settings\Anthony L. Whetstone\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anthony L. Whetstone\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ANTHON~1.WHE\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!! Attention, follow keys are not inevitably infected !!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Logfile of HijackThis v1.99.1
Scan saved at 6:51:17 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\1142990364\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpBD73.tmp
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {85F40861-0C59-47E9-8C3E-D9D6544528BB} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142990364\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\MANTEC~1\notepad.exe" -vt yax
O4 - HKCU\..\Run: [Eba] C:\Documents and Settings\Anthony L. Whetstone\My Documents\?racle\d?xplore.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2035975366
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleAc ... refid=1162
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: windvw32 - windvw32.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Rogue » May 2nd, 2006, 8:13 pm

Hi Biggstone,

Please print the instructions below or copy and paste to Notepad since you will not have internet access while in safe mode.
Then reboot your computer
As soon as it starts to boot, rapidly press the f8 key.
Select Safe Mode from the menu
If you are still unsure, see here
=====================

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
=====================

Please go to:
Start
Control panel
Add/Remove programs

Find and remove these programs (if they are present)

ClickSpring
PuritySweep
PurityScan

(If some programs listed are not present, please do not panic)
===================

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {85F40861-0C59-47E9-8C3E-D9D6544528BB} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKCU\..\Run: [Eba] C:\Documents and Settings\Anthony L. Whetstone\My Documents\?racle\d?xplore.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleAc ... refid=1162
O20 - Winlogon Notify: windvw32 - windvw32.dll (file missing)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE <<<OPTIONAL is a known resource hog

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

=====================

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete the following files (some may not be present after previous steps):

C:\Documents and Settings\Anthony L. Whetstone\My Documents\?racle\d?xplore.exe

====================

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

====================

Run ewido Malware Remover that you dowloaded earlier.

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!
====================

Reboot your PC in Normal Mode

====================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note: If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

====================

Please do an online scan with Kaspersky Online Scanner using Internet Explore

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.


====================

Please post:
c:\rapport.txt
Ewido log
A new HijackThis log
Kaspersky scan results

You may need multiple post since some logs can be long.

Thanks,
Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Biggstone78 » May 2nd, 2006, 10:57 pm

Wow that took some time!!! lol again thanks soooo much!!! Here are the logs you asked for. I'll make a different post for each log.

Rapport.txt

SmitFraudFix v2.37

Scan done at 19:35:32.93, Tue 05/02/2006
Run from C:\Documents and Settings\Anthony L. Whetstone\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Biggstone78 » May 2nd, 2006, 10:57 pm

This is the Ewido Log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:54:14 PM, 5/2/2006
+ Report-Checksum: C00B2C3B

+ Scan result:

:mozilla.83:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.400:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\WINDOWS\system32\twain32.dll.tcf -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
C:\WINDOWS\system32\windvw32.dll.tcf -> Trojan.Agent.qt : Cleaned with backup


::Report End
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Biggstone78 » May 2nd, 2006, 10:59 pm

This is the New hijackthis log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:54:14 PM, 5/2/2006
+ Report-Checksum: C00B2C3B

+ Scan result:

:mozilla.83:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.400:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Anthony L. Whetstone\Application Data\Mozilla\Firefox\Profiles\m08haidw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\WINDOWS\system32\twain32.dll.tcf -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
C:\WINDOWS\system32\windvw32.dll.tcf -> Trojan.Agent.qt : Cleaned with backup


::Report End
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Biggstone78 » May 2nd, 2006, 11:01 pm

oops i post the wrong one sorry!!!

Logfile of HijackThis v1.99.1
Scan saved at 9:53:10 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1142990364\ee\AOLSoftware.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142990364\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\MANTEC~1\notepad.exe" -vt yax
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2035975366
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Biggstone78 » May 2nd, 2006, 11:02 pm

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 02, 2006 9:51:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 3/05/2006
Kaspersky Anti-Virus database records: 191198
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 72838
Number of viruses found: 11
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 00:37:25

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005102.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005177.exe Infected: Trojan-Downloader.Win32.Zlob.mx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005180.exe Infected: Trojan-Downloader.Win32.Zlob.mw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005198.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005199.exe Infected: Trojan-Downloader.Win32.PurityScan.bj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005200.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005318.dll Infected: not-virus:Hoax.Win32.Renos.cu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005324.exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005324.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005324.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005325.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0005325.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.my skipped

Scan process completed.
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Rogue » May 3rd, 2006, 11:59 am

Hi Biggstone78,

Looking good so far. Yes it can take some time for those scans depending on drive size and what they find.
We have some minor items to take care of and you are good to go.

Using Windows Explore by right-clicking the Start button and left clicking. Explore navigate to and find the following files: if found, delete the following files (some may not be present after previous steps):

C:\WINDOWS\system32\regperf.exe

====================

This is my post for when you are all clean - which you seem to be.

We have some general cleanup to do also and then let’s secure your system.

You can Uninstall or delete the following tools or files.

SmitfraudFix.zip from your desktop
SmitfraudFix folder
rapport.txt

These were problem specific and were not intended for everyday use.

Optional tool to remove:
Kapersky Online AV from add/remove programs. Will detect but will not remove.
HighJackThis, this will need to be installed if you ever have problems and seek help in this or other forums.
Ewido, this is a great scanner and will work in conjunction with some other I have listed below. After the 14 day trial it willbe required as with most scanners to update the database prior to scanning.

Empty the recycle bin.


Hide System Files
1. Click Start.
2. Open My Computer .
3. SelectTools menu
4. Click Folder Options.
5. Select the View Tab.
6. Uncheck Show hidden files and foldersin the Hidden files and folders section.
7. Select Hide protected operating system files (recommended) option.
8. Check the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

I want to give you a fresh start and so I need to clear and reset your system restore and the instructions for cleaning that are below.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer

    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Un-Check Turn off System Restore.
    Click Apply, and then click OK.


    Please take a minute and complain against those who gave you smitfraud. You can file this complaint at malwarecomplaints.info or click on the Malware Complaints icon in my signature.


    And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

    Make your Internet Explorer more secure - This can be done by following these simple instructions:
      From within Internet Explorer click on the Tools menu and then click on Options.
      Click once on the Security tab
      Click once on the Internet icon so it becomes highlighted.
      Click once on the Custom Level button.

      Change the Download signed ActiveX controls to Prompt
      Change the Download unsigned ActiveX controls to Disable
      Change the Initialize and script ActiveX controls not marked as safe to Disable
      Change the Installation of desktop items to Prompt
      Change the Launching programs and files in an IFRAME to Prompt
      Change the Navigate sub-frames across different domains to Prompt
      When all these settings have been made, click on the OK button.
      If it prompts you as to whether or not you want to save the settings, press the Yes button.

      Next press the Apply button and then the OK to exit the Internet Properties page.

      Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
      Click here for more information on -> Computer Safety On line - Anti-Virus

      I would recommend Grisofts© AVG or AVAST©. As these are the more secure and since they will block both in and out traffic.

      Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

      Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
      Click here for more information on -> Computer Safety On line - Software Firewalls

      I would recommend ZoneAlarm© as a firewall as it's easy to use. But for a more secure firewall, Sunbelts Kerio© is the one.

      Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

      Set up system to ensure a regular update of the Operating System.

      Automatically:
      On the Desktop, right-click My Computer.
      Click Properties.
      Click on Automatic Updates
      Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
      Notify Me option so that you can download when you can afford the time and bandwidth overheads.
      Select the Day/Time of choice
      Click Apply
      Click OK


Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here: Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and you are less susceptible to attacks.

Safe Surfing,

Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Biggstone78 » May 3rd, 2006, 1:30 pm

Thank you very much I am at work right now so I will do the rest of this when I get home.

I have already call the attorney General for my statwe and lodged a complaint. I was told that i was not th e only call about this subject and that they are working on it!!!

Thank you again and If I need more help I know where to come!!!!
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Rogue » May 3rd, 2006, 1:49 pm

Glad we could be of service. let me know later on if there is anything else. I'll leave this open for a day or so.

I have already call the attorney General for my statwe and lodged a complaint. I was told that i was not th e only call about this subject and that they are working on it!!!


Glad to hear it. we need more voices if we are going to make a difference.

Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Biggstone78 » May 3rd, 2006, 8:31 pm

Does this mean i still have JUNK on my computer???



Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.

Infected file: C:\WINDOWS\system32\regperf.exe
Virus name: TROJ_ZLOB.OB
User name: Anthony L. Whetstone
Scan action result: Deleted.
Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information.
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am

Unread postby Rogue » May 3rd, 2006, 9:14 pm

At the top of my "All Clean" post I asked you to navigate and delete the file. Did you do that and then perform the Trend Micro scan?
Just asking because I would hate to think it return.

Infected file: C:\WINDOWS\system32\regperf.exe
Virus name: TROJ_ZLOB.OB
User name: Anthony L. Whetstone
Scan action result: Deleted.
Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information.


Trend Mirco say's it gone.

There are two files associated with Troj_Zlob.ob. For ease of mind if you would like we can to do a search.
Click Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste these files below into the Search for files and folders named box:

wininet.dll, regperf.exe

Both should be found in C:\WINDOWS\system32. If any of these files are found you can delete them.

Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Biggstone78 » May 4th, 2006, 12:53 pm

When you prompted me to find regperf.exe, It was not there. However I will look for the other one. Again thank you sooooooooooo Much, I can now use my computer without all that extra JUNK!!! I also have added to the security of the PC by adding a few more spyware applications!!! thanks!!!!!!!
Biggstone78
Active Member
 
Posts: 10
Joined: May 2nd, 2006, 10:07 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 385 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware