Forum section: Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User | Join Date: Jan 2007 | Posts: 7 | OS: xp
a little help please
I posted this on another post:

Help with spyware please

Hey. I'm having a problem with what I think is spyware. I found and removed a very persistent spyware called Antivermin something. But ever since, I've had trouble with all spyware removal tools: Spybot, a-squared and a few others I randomly downloaded to test. They all crash at about 70% every time. I'm sure it's as it detects some spyware, and it seems strange it's only spyware removal software. Any ideas would be greatly appreciated. Thanks in advance.

I was told to come here and post a HijackThis log. I have run the 5 steps, but can only run my spyware programs on quick scans. If I do full or deep scans then the PC just shuts down at 70% still. This problem is new today and seemed to show up when I was infected with Antivermin spyware. I removed this using Smitfraudfix.exe and it seemed to do the trick, apart from this issue. I thought maybe I was still infected with something that was shutting down the PC upon detection, but I'm no expert. Please help. I can't see anything in the HijackThis log; maybe you can....
Logfile of HijackThis v1.99.1
Scan saved at 15:46:53, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Downloads\hijackthis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
#2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team | Join Date: Jan 2005 | Location: Ohio | Posts: 27,059 | OS: WinXP and Vista
Hello stuartt and welcome,
The infection you have recognizes HijackThis and prevents HJT from reading the registry locations where it resides as well as hiding other infections in those locations. I'd like you to rename HijackThis.exe to stuartt.exe.
-------------------------------------------------------

Smitfraudfix would have produced a report at C:\rapport.txt. Please post that log here as well.
#3
Registered User | Join Date: Jan 2007 | Posts: 7 | OS: xp
Thanks
I managed to get Spybot and Ad-Aware to run once and cleared some out, but the next day when I attempted to run them I got the same problem. I have done as you requested; here are the logs.

My system seems to have improved in stability and general running, but I'm still a bit concerned about not being able to run any anti-spyware programs. Thanks in advance.

SmitFraudFix v2.132
Scan done at 11:36:59.65, 18/01/2007
Run from C:\Documents and Settings\stuart\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 10:05:35, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Downloads\hijackthis\stuartt.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.
#4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team | Join Date: Jan 2005 | Location: Ohio | Posts: 27,059 | OS: WinXP and Vista
Hello,
Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

I'd also like to see the following:

Create an Uninstall List:
Open HijackThis
* Click on the "Configure" button on the bottom right
* Click on the tab "Misc Tools"
* Click on the Box that says "Open Uninstall Manager"
* Click on the button "Save list"
The list will automatically be saved in your HijackThis folder. Please copy and paste the uninstall_list.txt here.
#5
Registered User | Join Date: Jan 2007 | Posts: 7 | OS: xp
thanks for your time
uninstall.txt
Ad-Aware SE Personal
Adobe Reader 7.0.8
AGEIA PhysX v2.3.3
ALi mini IDE driver
a-squared Free 2.1
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Audio MP3/WMA Recorder
AVG Free Edition
Battlefield 2(TM)
Battlefield 2142
Black & White® 2
Call of Duty(R) 2
CCleaner (remove only)
CDRWIN 6.1
CivCity
Company of Heroes
Dark Messiah
Dawn Of War
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dungeon Siege 2
Emperor: Rise of the Middle Kingdom
Empires Dawn of the Modern World
Fable - The Lost Chapters
FEAR
FEAR Standalone Server
Free Download Manager 2.0 - Free Downloads Center Edition
GameShadow
GameSpy Arcade
Ghost Recon Advanced Warfighter
GTA San Andreas
Guild Wars
Heroes of Might and Magic V
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
Jagged Alliance 2
Lavasoft VX2 Cleaner
Legacy of Kain: Defiance 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft DirectX Transform optional components
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5.0.6)
MSXML 4.0 SP2 (KB927978)
Neverwinter Nights 2
NVIDIA Display Driver
Oblivion
PCI Audio Applications
PCI Audio Driver
PlayLinc
Prey
Quake 4(TM)
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 5.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Sid Meier's Civilization 4
SpellForce 2 - Shadow Wars
Spybot - Search & Destroy 1.4
Star Wars Battlefront II
Steam
Sunbelt Kerio Personal Firewall
Super Mp3 Recorder Professional v5.1
SWAT 4
System Alert Popup
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
The Battle for Middle-earth (tm) II
Tidy Start Menu
Trillian
TRUST 850F VIBRAFORCE FEEDBACK SIGHTFIGHTER
ULi 5289 Driver
ULi AGP Driver 2.20
ULi LAN Driver
Ultima Online: The Eighth Age
UOAssist
UOGateway
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Vampire - The Masquerade Bloodlines
Ventrilo Client
Ventrilo Server
Viewer 4.6
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
X3: Reunion v1.4.03
Xfire (remove only)

ComboFix.txt

"stuart" - 07-01-24 19:32:51 Service Pack 2
ComboFix 07-01-24.2 - Running from: "C:\Documents and Settings\stuart"

((((((((((((((((((((((((((((((( Files Created from 2006-12-24 to 2007-01-24 ))))))))))))))))))))))))))))))))))

2007-01-20 16:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-18 16:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-18 15:42 <DIR> d-------- C:\DOCUME~1\stuart\Application Data\Lavasoft
2007-01-18 15:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-18 11:19 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-18 11:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-18 11:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-18 11:19 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-18 11:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-18 11:19 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-18 11:19 1,760 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-18 11:18 <DIR> d-------- C:\DOCUME~1\stuart\SmitfraudFix
2007-01-13 13:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-10 20:41 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-10 15:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-10 15:40 <DIR> d-------- C:\DOCUME~1\stuart\Application Data\InstallShield
2007-01-04 18:28 <DIR> d-------- C:\Program Files\Microsoft Games
2007-01-04 16:32 <DIR> d-------- C:\DOCUME~1\stuart\Application Data\Adobe
2006-12-29 14:48 <DIR> d-------- C:\Program Files\Atari
2006-12-29 13:19 <DIR> dr-h----- C:\DOCUME~1\stuart\Application Data\SecuROM
2006-12-27 14:32 <DIR> d-------- C:\DOCUME~1\stuart\Application Data\acccore
2006-12-27 14:16 <DIR> d-------- C:\WINDOWS\system32\PlayLinc
2006-12-27 14:16 <DIR> d-------- C:\Program Files\PlayLinc
2006-12-27 14:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-12-27 14:00 <DIR> d-------- C:\Program Files\Steam
2006-12-26 19:05 <DIR> d-------- C:\Program Files\GameSpy
2006-12-26 18:57 <DIR> d-------- C:\Program Files\Electronic Arts

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-24 19:30 -------- d-------- C:\Program Files\mozilla firefox
2007-01-20 16:32 -------- d-------- C:\Program Files\Common Files\real
2007-01-18 16:54 -------- d-------- C:\Program Files\a-squared free
2007-01-14 23:25 -------- d-------- C:\Program Files\trillian
2007-01-13 13:25 -------- d--h----- C:\Program Files\installshield installation information
2007-01-04 18:52 -------- d---s---- C:\DOCUME~1\stuart\Application Data\microsoft
2006-12-29 15:52 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-22 18:08 -------- d-------- C:\Program Files\trust
2006-12-22 18:08 -------- d-------- C:\Program Files\ruling technologies
2006-12-07 05:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-25 11:09 -------- d-------- C:\DOCUME~1\stuart\Application Data\ventrilo
2006-11-22 10:52 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-11-22 03:25 261120 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-11-22 03:20 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-11-22 03:20 106496 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-11-22 03:19 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-11-22 03:19 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-11-22 03:19 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-11-22 03:18 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-11-22 03:17 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-11-22 03:12 2526688 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-11-22 03:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-22 03:08 1090016 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-11-22 02:57 217088 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-11-22 02:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-22 02:51 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-11-22 02:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-22 02:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-22 02:21 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"C-Media Mixer"="Mixer.exe /startup"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stuart^Start Menu^Programs^Startup^Morpheus.lnk]
"backup"="C:\\WINDOWS\\pss\\Morpheus.lnkStartup"
"location"="Startup"
"item"="Morpheus"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stuart^Start Menu^Programs^Startup^Trillian.lnk]
"backup"="C:\\WINDOWS\\pss\\Trillian.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Trillian\\trillian.exe "
"item"="Trillian"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stuart^Start Menu^Programs^Startup^Xfire.lnk]
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\Xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdwareAlert"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Firewall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CPF"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTGameClean]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegClean"
"hkey"="HKLM"
"command"="C:\\Program Files\\Trust\\850F VIBRAFORCE FEEDBACK SIGHTFIGHTER\\RegClean.exe c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"inimapping"="0"
"command"="\"c:\\program files\\steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"mnmsrvc"=dword:00000003

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SPsys

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070110-165341-666 O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\3.bin\MORPHBAR.DLL
backup-20070110-165341-906 O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL
backup-20070110-165341-696 O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\3.bin\MORPHBAR.DLL
backup-20070110-165341-542 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20070110-165341-625 R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL
backup-20060829-100849-570 O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
backup-20060829-100849-591 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
backup-20060731-161639-506 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
backup-20060731-161548-477 O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
backup-20060731-161548-760 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
backup-20060731-161548-842 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
backup-20060515-093311-957 O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL
backup-20060515-093311-861 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060515-093311-256 O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
backup-20060515-093311-790 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060515-093235-282 O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
backup-20060515-093235-463 O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
backup-20060515-093235-253 O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
backup-20060515-093235-536 O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
backup-20060515-093235-648 O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
backup-20060515-093235-618 O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
backup-20060426-205653-788 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060426-205653-278 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20060404-182917-470 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060404-182917-208 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060404-182917-416 O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
backup-20060404-182917-555 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
backup-20060404-182917-139 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060404-182917-357 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060404-182917-182 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
backup-20060404-182917-962 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
backup-20060404-182917-734 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
backup-20060329-102626-104 O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
backup-20060329-102626-863 O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
backup-20060227-090211-880 O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm

Completion time: 07-01-24 19:36:51
#6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,059
OS: WinXP and Vista
Hi stuartt,
Now I see it.

Please copy this page to Notepad and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download the attached stuartt.zip file to your desktop.

--------------------------------------------------------------------

Download AVG Anti Spyware
Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.
Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)
System Alert Popup

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Folders if they still exist.
C:\Program Files\System Alert Popup
C:\Program Files\WebRebates4

--------------------------------------------------------------------

Double click on the stuartt.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

--------------------------------------------------------------------

I see you have CCleaner installed.
Please launch the program:
Under the Windows tab, make sure the following are checked:
-Temporary Internet Files
-Empty Recycle Bin
-Temporary Files
Click on "Run Cleaner" (do not reboot)

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

----------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Perform an online scan with Internet Explorer with Panda ActiveScan
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:
AVG Anti-Spyware results
Panda results
New HijackThis log

Last edited by Ried; 03-02-2007 at 07:53 AM.
#7 (permalink)
Registered User
Join Date: Jan 2007
Posts: 7
OS: xp
Right, I have followed every step apart from Panda scan. I tried to run it; each time I press on Scan Now it says the page is temporarily unavailable. It worked for me 1 in 5 tries, but then it downloaded files, then said started scan, but just hung there for hours. I have left it running but it doesn't appear to be doing anything. If it completes I will add its scan results. AVG Anti-Spyware did complete without rebooting my PC and found 23 items, which is more than any others have done. Thanks.
Other txt files as requested.

Logfile of HijackThis v1.99.1
Scan saved at 13:53:02, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\hijackthis\stuartt.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 13:08:48 25/01/2007

+ Scan result:

HKU\S-1-5-21-329068152-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : No action taken.
HKU\S-1-5-21-329068152-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : No action taken.
C:\Shared Folder Main pc\hijackthis\backups\backup-20060515-093311-957.dll -> Adware.Softomate : No action taken.
D:\Downloads\hijackthis\backups\backup-20060515-093311-957.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299672.dll -> Adware.WorldSecurityOnline : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299677.exe -> Downloader.Zlob.bjy : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0295662.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0295663.dll -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0295664.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0296651.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0296652.dll -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0296653.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0297652.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0297653.dll -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0297654.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299667.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299673.dll -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299674.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299675.dll -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299676.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299678.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299680.exe -> Downloader.Zlob.bkn : No action taken.
C:\System Volume Information\_restore{1F63BB98-9410-4EC3-84EA-5B3ECF59AB84}\RP309\A0299681.exe -> Downloader.Zlob.bkn : No action taken.

::Report end
#9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,059
OS: WinXP and Vista
I'll trust you on that.
If you clicked on Save Report before you clicked 'Apply all Actions', the log will appear as though 'no action taken'.

As AVG A-S cleaned portions of your System Restore, we need to create a working Restore point now.

Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK and Windows will automatically create a new Restore point.

--------------------------------------------------------

Try this online scanner instead:
Please perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.

Also, have you tried scanning with Spybot or aSquared since carrying out the previous fix? Will they complete a scan?
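The two text formats posted above (HijackThis "Oxx" entries and the AVG Anti-Spyware report with its "location -> family : action" lines) are easy to triage by script. The following is an added example written for this thread; it is not code from the forum, from HijackThis or from AVG. It parses both formats, raises the questions a helper would ask of each HijackThis entry (unqualified command path, service with no publisher, ActiveX download entry), and groups the report's detections by location so that two things the reply above depends on fall out directly: whether every entry reads "No action taken" (the Save Report before Apply all Actions case) and how many hits sit inside System Restore points, which is why a fresh restore point is asked for. The sample lines are constructed in the posted formats; the SID, the restore-point GUID and the O16 URL are placeholders, and the assumption that Windows lives on C: matches the posted log. Flags are prompts for a second look, not verdicts (the "ATI Smart" service in the real log is flagged and is legitimate).

```python
"""Triage helpers for HijackThis log lines and AVG Anti-Spyware scan reports."""
import re
from collections import Counter

HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
O4_BODY = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)", re.IGNORECASE)
# "<location> -> <family> : <action>" with an optional trailing period.
AVG_LINE = re.compile(r"^(?P<location>.+?) -> (?P<family>\S+) : (?P<action>.+?)\.?$")
QUALIFIED = re.compile(r"^[A-Za-z]:\\")
# Assumption: Windows is installed on C:, as in the posted log.
KNOWN_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed sample in the HijackThis format; the O16 URL is a placeholder.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://example.invalid/asinst.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Constructed sample in the AVG Anti-Spyware report format (SID and GUID are placeholders).
AVG_SAMPLE = r"""
HKU\S-1-5-21-1000-2000-3000-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : No action taken.
D:\Downloads\hijackthis\backups\backup-20060515-093311-957.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP309\A0299677.exe -> Downloader.Zlob.bjy : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP309\A0295662.exe -> Downloader.Zlob.bkn : No action taken.
"""


def command_path(cmd):
    """Executable part of an O4 command line: the quoted part, or up to the first extension."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("p") if m else cmd.split(" ")[0]


def parse_hjt(text):
    """Parse HijackThis 'Oxx - ...' lines; process list and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        e = {"code": code, "raw": line.strip(), "path": None, "middle": None, "flags": []}
        if code == "O4":
            mm = O4_BODY.match(body)
            if mm:
                e["path"] = command_path(mm.group("cmd"))
        elif code in ("O2", "O23"):
            parts = body.rsplit(" - ", 2)  # name - CLSID (O2) or publisher (O23) - path
            if len(parts) == 3:
                e["middle"], e["path"] = parts[1], parts[2]
        elif code == "O16":
            e["path"] = body.rsplit(" - ", 1)[-1]
            e["flags"].append("ActiveX download (DPF) entry; confirm the source is expected")
        if e["path"] and code != "O16":
            if not QUALIFIED.match(e["path"]):
                e["flags"].append("unqualified path, resolved through the search path at logon")
            elif not e["path"].lower().startswith(KNOWN_DIRS):
                e["flags"].append("binary outside Windows/Program Files")
        if code == "O23" and e["middle"] == "Unknown owner":
            e["flags"].append("service without publisher information")
        entries.append(e)
    return entries


def classify_location(location):
    """Where a detection lives: registry, restore point, HijackThis backup folder, or plain file."""
    low = location.lower()
    if low.startswith(("hku\\", "hklm\\", "hkcu\\", "hkcr\\")):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "restore point"
    if "\\hijackthis\\backups\\" in low:
        return "hijackthis backup"
    return "file"


def parse_avg_report(text):
    """Parse the 'location -> family : action' lines of an AVG Anti-Spyware report."""
    out = []
    for line in text.splitlines():
        m = AVG_LINE.match(line.strip())
        if m:
            out.append({"location": m.group("location"), "family": m.group("family"),
                        "action": m.group("action"), "where": classify_location(m.group("location"))})
    return out


def summarize(detections):
    """Counts by location, detection families, and the two facts the helper's reply needs."""
    return {
        "by_location": dict(Counter(d["where"] for d in detections)),
        "families": sorted({d["family"] for d in detections}),
        "all_no_action": all(d["action"].lower() == "no action taken" for d in detections),
        "restore_point_hits": sum(1 for d in detections if d["where"] == "restore point"),
    }


if __name__ == "__main__":
    for e in parse_hjt(HJT_SAMPLE):
        if e["flags"]:
            print(e["raw"], "=>", "; ".join(e["flags"]))
    print(summarize(parse_avg_report(AVG_SAMPLE)))
```

Feed it the real log text instead of the samples and read the output as a worklist: a non-empty `restore_point_hits` means the old restore points must be flushed (the SYSDM.CPL steps above), and `all_no_action` being true with a cleaned machine is the Save Report before Apply all Actions case rather than evidence that nothing was removed.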
#10 (permalink)
Registered User
Join Date: Jan 2007
Posts: 7
OS: xp
all seems fine thanks
Yeah, spyware and aSquared are working fine again and come back clear. I'm running that online scan overnight tonight and if there's any problem I'll post back here, but I'm pretty confident you have solved my problem.
Thanks a lot for your time and effort. I'll be sure to recommend you to friends and I will look into donating to your site. Again, thanks a lot.
#11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,059
OS: WinXP and Vista
Hiya,
You're welcome. In the event the Kaspersky scan comes back clean, I'll give you the final housekeeping and prevention steps now.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.

Reset hidden/system files and folders

Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm. Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.