Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Home Page Hijacked And Critical System Error?


  • Please log in to reply
10 replies to this topic

#1 mikki

mikki

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 04 October 2006 - 12:14 PM

Computer is infected with something. Home page keeps getting directed to www.theuptodatesecurity.net and popping up that I am infected- please come buy our stuff. I ran all the scans but I could not get the AdAware to come back clean. I tried 8 times. It kept finding the trojan but a later one said it cleared it. Please help.







Logfile of HijackThis v1.99.1
Scan saved at 12:08:34 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iMediaCodec\isamonitor.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iMediaCodec\isamini.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\iMediaCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\iMediaCodec\iesplugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143417315218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143417306375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - C:\WINDOWS\System32\httge.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

BC AdBot (Login to Remove)

 


#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 07 October 2006 - 07:10 PM

Hi Mikki,

Welcome to Bleeping Computer. :thumbsup:

I will be helping you under the guidance of one of our expert coaches.

Please give me a little time to analyze your log. I will post back with instructions.

Thanks for your patience --

Dave

#3 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 08 October 2006 - 01:08 PM

Hi again Mikki,

The first step in your fix is to download a special tool aimed at your particular infection, and run its diagnostic option.

Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please save that file and copy/paste the content of that report into your next reply.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

After running the diagnostic option # 1, please post that log to a reply here, as mentioned above. If you have any trouble with downloading or running the tool please let me know.

Good luck --

Dave

#4 mikki

mikki
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 09 October 2006 - 04:04 AM

Here is what it came up with. Thanks so much for helping!

SmitFraudFix v2.106

Scan done at 4:01:15.96, Mon 10/09/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\httge.dll FOUND !

C:\Documents and Settings\Owner


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\iMediaCodec\ FOUND !
C:\Program Files\VirusBurster\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"

[HKEY_CLASSES_ROOT\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\System32\httge.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\System32\httge.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#5 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 09 October 2006 - 06:36 AM

Hi again Mikki,

Looks like you've got Virusburst.

Please print out these instructions or save them as a notepad file, because some steps will be done in Safe mode, with no internet access.


Step 1. Boot into Safe Mode
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a menu.
  • When you have the menu on the screen, use the arrow keys to move to the line that says Safe Mode.
  • Then press <Enter> on your keyboard to boot into Safe Mode.
  • At the logon screen, boot into your usual account. The screen will look different than normal mode.
Step 2. Smitfraudfix cleaning


Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background



Step 3. Fresh hijackThis scan, and get back to me

Open HiJackThis and run a fresh scan. Post that log, along with the Smitfraudfix logs, to a reply here. Please let me know if you encountered any problems, and how your computer is running now.

Good luck!

#6 mikki

mikki
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 10 October 2006 - 05:34 PM

Here are the 2 logs. Thanks

SmitFraudFix v2.106

Scan done at 17:25:55.90, Tue 10/10/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"

[HKEY_CLASSES_ROOT\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\System32\httge.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\System32\httge.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\httge.dll -> Hoax.Win32.Renos.gen.e
C:\WINDOWS\System32\httge.dll -> Deleted


Deleting infected files

C:\Program Files\iMediaCodec\ Deleted
C:\Program Files\VirusBurster\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

Logfile of HijackThis v1.99.1
Scan saved at 5:31:25 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143417315218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143417306375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

#7 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 11 October 2006 - 07:11 PM

Hi again Mikki,

Looks like Smitfraudfix did its job. Your HJT log is clean! :thumbsup:


To be sure there is nothing lurking in the shadows, we need to do a few more steps.


First, let's get rid of temporary files and folders: Get ATF Cleaner here . It does not require installation, just download it to your desktop. Double-click the ATFCleaner icon to launch the program. For this first run, check the select all box on the main page, then click Empty selected. Then, if you use Firefox or Opera, click on the appropriate tab and repeat the same drill.


You need to update your Java. Earlier versions have serious security vulnerabilities. Click Start, Control Panel, then double click Add/Remove Programs. When the list is populated look for any and all entries starting with J2SE or JRE with the little Java icon (a coffee cup). Remove them all, one by one. Then open your browser and go to this web page to get the latest version. Scroll dow to the middle of the page where you will find Java Runtime Environment (JRE) 5.0 Update 9. Click Download which will take you to the secure download page. At the top, select the Accept License Agreement button. Then look to the first block for the J2SE downloads for the Windows Platform. You can choose either the Online or Offline installation version; unless you have several computers you need to upgrade, I suggest the Online version.

Download the file to your desktop. Close your browser, and double click the Java icon. Accept the installation defaults. When the installation is finished you will get a notice that you need to reboot the computer in order to finish the process. Close out the installer, and reboot.

If you have trouble with the Online installation, you can download the big Offline file and install it with your browser closed.


Finally, I need you to do one more scan.


Ewido 4.0 has been superseded by AVG Antispyware 7.5, which reflects the merger of Ewido with Grisoft, the makers of AVG antivirus. The program has undergone more than a name change, though; it has significantly improved capabilities expecially in the area of malware removal. You should upgrade to the new version.

First, uninstall Ewido:Click Start, then Control Panel, the double click Add or Remove Programs.

Scroll down to Ewido and select it. Click Remove.

To the "Are You Sure" warning popup, click Yes.

Ewido should now uninstall. When it is finished click OK. On some computers it may ask to reboot, if so allow it.
Next, install AVG-AS: Open your browser and go to This page. Read the information regarding the paid and free versions of the program, then at the bottom of the page click the orange box labeled Download Now. Save the AVG-AS setup file to your desktop. Close your browser.

Double click the AVGAS setup icon. Unless you need to change the language first, click OK, then Next.

On the License agreement screen click I Agree. Then accept the default installation folder by clicking Next.

Finally, click Install. The program will then copy files and register itself; when it tells you it is installed, click Finish.

AVG-AS 7.5 will open. On the Status screen you will see a line Last Update ! Never. On that line click Update Now.

After the program updates, you may want to change the Auto Updates options. The default is to check for updates every 60 minutes, which you may feel is excessive. Note that after the 30 day trial period, Auto Updates is disabled unless you pay for the program.

Now click the Scanner icon at the top of the window. Click the Settings tab. When that screen opens select the radio button Automatically produce a report after every scan. Uncheck the box Only if threats were found.

On the same screen, under "How to Act", click on Recommended Actions. Select Quarantine.

Leave the other settings on that screen at their defaults.

Close the program. This will save the settings changes. Do not run a scan yet.
Finally, scan with AVG AntiSpyware:Double click the AVG-AS 7.5 icon on your desktop to start the program.

Unless you have already updated today, update the definitions.

Click the Scan tab. When the screen opens, select Complete System Scan. This action will take some time.

When the scan is finished, scroll through the list. Except for cookies, which should be set to Delete, every item should be set to Quarantine. If this is not the case, change it.

Now click Apply All Actions. Then click Save Report. On the screen that opens, click Save Report As, and in the Report save as... window navigate to and select your Desktop. You may want to rename the report file to something such as AVGAS_scan01.txt that will make it easier to recognize.

Close the program.
Copy and paste the AVGAS report into a reply to this topic. Also, please tell me how your computer is running now.

#8 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 13 October 2006 - 08:05 AM

Hi Mikki,

Just to let you know I will be away for the weekend, so expect a response to that AVG-AS log Monday.

Hope your computer is running fine now.

Cheers,

Dave

#9 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 18 October 2006 - 05:28 AM

Mikki, are you still there?

#10 mikki

mikki
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 18 October 2006 - 12:50 PM

Sorry, I thought I had posted it so I redid the scan. Here it is. It seems to working better

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:45:01 PM 10/18/2006

+ Scan result:



C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : No action taken.
HKU\S-1-5-21-1865961744-3617422731-4244320284-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022514.dll -> Downloader.Agent.ayq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP294\A0016198.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP296\A0016248.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0016264.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP301\A0016323.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016342.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016357.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016373.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022522.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022523.exe -> Downloader.Zlob.anq : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP294\A0016197.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP296\A0016249.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0016263.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP301\A0016322.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016343.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016358.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016374.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP349\A0021851.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP350\A0021904.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP350\A0021922.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP351\A0022052.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP351\A0022069.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP352\A0022289.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP353\A0022338.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022518.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022519.exe -> Downloader.Zlob.anu : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP294\A0016196.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP296\A0016247.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP297\A0016265.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP301\A0016321.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016341.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016356.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP302\A0016372.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP349\A0021850.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP350\A0021902.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP350\A0021921.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP351\A0022051.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP351\A0022068.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP352\A0022288.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP353\A0022337.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022517.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\A0022524.exe -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4qiczkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4umc5keo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4aoc5gbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliqoczkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfloenc5ghq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfloeodzmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkyshcjefo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliugcpslq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloaoajodo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloopd5iao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlowidzgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiuhajwbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmyaic5ekp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmyepajsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmywjajshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end

#11 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:03:50 PM

Posted 19 October 2006 - 05:26 AM

Hi again Mikki,

Thanks for getting back to me.

It appears that when you ran AVG-Antispyware nothing was deleted or quarantined. I think you may have forgotten to click on Apply all actions before saving the log file.

In any case, most of what AVG-AS found was cookies, which are not very worrisome, or items in your System Restore files, which we will get rid of in a little while. The scan did find one file, so just to make sure it is gone, please navigate to and delete the following file, if found:

C:\WINDOWS\cpbrkpie.ocx


Next, Re-hide files and folders:Click Start, My Computer, then Tools, then Folder Options. Then click the View tab.

Check the box Hide protected operating system files.

Select the Radio Button Do not show hidden files and folders.

Click Apply, then OK, and close My Computer.
Now you need to Flush and Reset your System Restore files. For this I refer you to this tutorial:

http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/


Finally, please read and implement the recommendations found here.

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

To the advice presented there I would add: Use caution when you surf. Popup ads, even on a trusted website, are the real time equivalent of unsolicited e-mail. Investigate free software carefully before you download it. Avoid peer-to-peer file sharing and any kind of illegal website, including gaming.

If you take these steps you'll go a long way toward assuring you will not be a "repeat customer."

Good luck, and happy computing --

Dave :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users