Ie Keep Redirected To Spyware Sheriff And Miaminews365.net


This topic is locked
12 replies to this topic

#1 blow_fish

Posted 05 April 2007 - 12:09 AM

My IE keeps redirecting me to a Spyware Sheriff website and miamnews365.net. I would like to know whether there is any recommended software that can be used to REMOVE this, such as Spyware Doctor or something? For now, manual removal is badly needed.

Here's the HijackThis log; please help me remove it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:47:12 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cfgmgr32v.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?07bd72c40a72404694a50d7b59c7b7b7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?07bd72c40a72404694a50d7b59c7b7b7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2 miekiemoes

Malware Response Team

Posted 05 April 2007 - 06:31 AM

Hello,

* Please download SmitfraudFix (by S!Ri)

* Reboot into Safe Mode (without networking support!)
° To get into Safe Mode, press and hold your "F8" key as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cfgmgr32v.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Doubleclick SmitFraudFix to start the tool.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

(Warning: running option #2 on a non-infected computer will remove your Desktop background and set it blank again, but you can reapply your desktop background afterwards.)

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and pressing "Enter" in order to remove the Desktop background and clean the registry keys associated with the infection.

The tool will now check whether wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and pressing "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process.

Post the log from SmitfraudFix in your next reply together with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
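As an added example (not code from this thread, from HijackThis or from SmitfraudFix), a small Python triage over the O2 lines quoted from the two logs in this thread: it parses the BHO entries, applies three cues a log reader uses (a registered BHO with no file, a DLL dropped straight into C:\WINDOWS, and a filename that imitates a system DLL, here cfgmgr32v.dll versus cfgmgr32.dll), and diffs the before and after logs to confirm what the fix removed. The system-DLL name list and the similarity threshold are my own assumptions, and the TrustIn Contextual entry deliberately shows the limit of path cues: it is only caught by knowing the name, as the helper did.

```python
import re
from difflib import SequenceMatcher
from typing import Dict, List, NamedTuple

# Constructed input: the O2 (Browser Helper Object) lines copied from the two
# HijackThis logs posted in this thread, before and after the fix. The parser,
# the triage heuristics and the system-DLL name list below are added here and
# are not HijackThis's or SmitfraudFix's own logic.
HJT_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cfgmgr32v.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
"""

HJT_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
"""

# One HijackThis O2 line: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")


class Bho(NamedTuple):
    name: str
    clsid: str  # upper-cased: the registry treats CLSIDs case-insensitively
    path: str


def parse_bhos(log: str) -> List[Bho]:
    """Extract the O2 (BHO) entries from a HijackThis log; other sections are ignored."""
    found = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"].strip()))
    return found


# Assumed list of well-known system DLL name stems; cfgmgr32v.dll in this
# thread imitates the legitimate cfgmgr32.dll.
SYSTEM_DLL_STEMS = {"cfgmgr32", "kernel32", "user32", "advapi32", "shell32", "wininet", "shdocvw"}


def suspicion_reasons(bho: Bho) -> List[str]:
    """Cues that make a BHO worth a closer look (empty list = nothing odd by these rules)."""
    reasons = []
    if bho.path.lower() == "(no file)":
        reasons.append("BHO is registered but its DLL is missing (leftover or hidden loader)")
    if bho.name.lower() == "(no name)":
        reasons.append("BHO has no display name")
    parts = bho.path.replace("/", "\\").split("\\")
    stem = parts[-1].lower().rsplit(".", 1)[0]
    # A DLL dropped straight into C:\WINDOWS instead of a program folder or system32.
    if len(parts) == 3 and parts[1].lower() == "windows":
        reasons.append("DLL sits directly in the Windows directory")
    # A near-duplicate of a system DLL name (a character or two added), e.g. cfgmgr32v.
    for known in sorted(SYSTEM_DLL_STEMS):
        if stem != known and SequenceMatcher(None, stem, known).ratio() >= 0.9:
            reasons.append(f"filename imitates the system DLL {known}.dll")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged BHO's CLSID to its reasons; clean entries are omitted."""
    flagged = {}
    for bho in parse_bhos(log):
        reasons = suspicion_reasons(bho)
        if reasons:
            flagged[bho.clsid] = reasons
    return flagged


def removed_bhos(before: str, after: str) -> Dict[str, Bho]:
    """CLSIDs present in the first log but gone from the second, i.e. what the fix removed."""
    after_ids = {b.clsid for b in parse_bhos(after)}
    return {b.clsid: b for b in parse_bhos(before) if b.clsid not in after_ids}


if __name__ == "__main__":
    for clsid, reasons in triage(HJT_BEFORE).items():
        print(clsid, "->", "; ".join(reasons))
    # The TrustIn Contextual adware BHO lives under Program Files with a plausible
    # name, so path cues miss it; the helper caught it by knowing the name.
    for clsid, bho in removed_bhos(HJT_BEFORE, HJT_AFTER).items():
        print("removed by the fix:", clsid, bho.name, bho.path)
```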

#3 blow_fish


Posted 05 April 2007 - 09:17 AM

I think it's fixed :thumbsup: Glad to get it fixed. Thank you so much.
Log from HJT:
Logfile of HijackThis v1.99.1
Scan saved at 9:13:23 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\SyncIndicator.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?07bd72c40a72404694a50d7b59c7b7b7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?07bd72c40a72404694a50d7b59c7b7b7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


And this is the log from rapport.txt:
SmitFraudFix v2.164

Scan done at 21:08:26.93, Thu 04/05/2007
Run from F:\Downloads\Spyware\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\TrustIn Contextual\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{05C84AE2-9CED-494B-95C7-74E0E74C0B1F}: DhcpNameServer=202.155.0.10 202.155.0.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{05C84AE2-9CED-494B-95C7-74E0E74C0B1F}: DhcpNameServer=202.155.0.10 202.155.0.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{05C84AE2-9CED-494B-95C7-74E0E74C0B1F}: DhcpNameServer=202.155.0.10 202.155.0.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.155.0.10 202.155.0.15
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=202.155.0.10 202.155.0.15
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=202.155.0.10 202.155.0.15


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 miekiemoes

Malware Response Team


Posted 05 April 2007 - 09:26 AM

Hi,

Yes, it is fixed. Your log looks clean again.

Just check whether the following files are still present and delete them:

C:\WINDOWS\system32\cfgmgr32v.dll
C:\WINDOWS\inetloader.dll

(don't worry if you can't find them)

Just one more thing to do though. Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Let me know in your next reply how things are now.

#5 blow_fish


Posted 05 April 2007 - 11:17 AM

Thank you for the help. I updated the Java runtime. I think everything is doing fine. Thanks :thumbsup:

But now every time I plug in a flash disk, this comes up:

AppName: generic.exe AppVer: 1.4.9.0 ModName: generic.exe
ModVer: 1.4.9.0 Offset: 0009005e

<MATCHING_FILE NAME="TC Device Mgmt.dll" SIZE="43008" CHECKSUM="0x48DB47C8" BIN_FILE_VERSION="1.4.6.98" BIN_PRODUCT_VERSION="1.4.6.98" PRODUCT_VERSION="1.4.6.98" FILE_DESCRIPTION="Device Management type library and proxy/stub dll." COMPANY_NAME="Popwire AB" PRODUCT_NAME="Device Management" FILE_VERSION="1.4.6.98" ORIGINAL_FILENAME="TC Device Mgmt.dll" INTERNAL_NAME="TC Device Mgmt.dll" LEGAL_COPYRIGHT="© 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.4.6.98" UPTO_BIN_PRODUCT_VERSION="1.4.6.98" LINK_DATE="04/13/2006 13:39:46" UPTO_LINK_DATE="04/13/2006 13:39:46" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="tlib_cmndlgs.dll" SIZE="102400" CHECKSUM="0xB1982066" BIN_FILE_VERSION="1.1.0.3" BIN_PRODUCT_VERSION="1.1.0.3" PRODUCT_VERSION="1, 1, 0, 3" FILE_DESCRIPTION="Common dialogues, provides Splash Screens, About Dialog." COMPANY_NAME="Popwire AB" PRODUCT_NAME="CommonDlgs.dll" FILE_VERSION="1, 1, 0, 3" ORIGINAL_FILENAME="CommonDlgs.dll" LEGAL_COPYRIGHT="Copyright © 2006 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.3" UPTO_BIN_PRODUCT_VERSION="1.1.0.3" LINK_DATE="03/29/2006 08:06:42" UPTO_LINK_DATE="03/29/2006 08:06:42" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="tlib_log.dll" SIZE="180224" CHECKSUM="0x5DDB5B72" BIN_FILE_VERSION="1.1.0.5" BIN_PRODUCT_VERSION="1.1.0.5" PRODUCT_VERSION="1, 1, 0, 5" FILE_DESCRIPTION="Telecalib Logging, Dynamic Link Library used for logging." COMPANY_NAME="Popwire AB" PRODUCT_NAME="Telecalib Logging" FILE_VERSION="1, 1, 0, 5" ORIGINAL_FILENAME="tlib_log.dll" INTERNAL_NAME="Telecalib Logging" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.5" UPTO_BIN_PRODUCT_VERSION="1.1.0.5" LINK_DATE="03/23/2006 13:08:17" UPTO_LINK_DATE="03/23/2006 13:08:17" VER_LANGUAGE="English (United States) [0x800]" />
<MATCHING_FILE NAME="xceedzip.dll" SIZE="406048" CHECKSUM="0xBC93D6F8" BIN_FILE_VERSION="4.5.81.0" BIN_PRODUCT_VERSION="4.5.81.0" PRODUCT_VERSION="4.5.81.0" FILE_DESCRIPTION="Xceed Zip Compression Library" COMPANY_NAME="Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com" PRODUCT_NAME="Xceed Zip Compression Library" FILE_VERSION="4.5.81.0" ORIGINAL_FILENAME="XceedZip.dll" INTERNAL_NAME="XceedZip" LEGAL_COPYRIGHT="Copyright © 1996-2001 Xceed Software Inc." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x71A51" LINKER_VERSION="0x40005" UPTO_BIN_FILE_VERSION="4.5.81.0" UPTO_BIN_PRODUCT_VERSION="4.5.81.0" LINK_DATE="01/22/2002 21:22:08" UPTO_LINK_DATE="01/22/2002 21:22:08" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupArchiveAPI.dll" SIZE="42496" CHECKSUM="0xF5C99000" BIN_FILE_VERSION="1.1.0.6" BIN_PRODUCT_VERSION="1.1.0.6" FILE_DESCRIPTION="Backup Archive API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.1.0.6" ORIGINAL_FILENAME="BackupArchiveAPI.dll" INTERNAL_NAME="BackupArchiveAPI" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.6" UPTO_BIN_PRODUCT_VERSION="1.1.0.6" LINK_DATE="07/28/2006 07:24:30" UPTO_LINK_DATE="07/28/2006 07:24:30" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupArchiveInternalAPI.dll" SIZE="47616" CHECKSUM="0x26313F97" BIN_FILE_VERSION="1.2.0.9" BIN_PRODUCT_VERSION="1.2.0.9" FILE_DESCRIPTION="Backup Archive Internal API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.2.0.9" ORIGINAL_FILENAME="BackupArchiveInternalAPI.dll" INTERNAL_NAME="BackupArchiveInternalAPI" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.2.0.9" UPTO_BIN_PRODUCT_VERSION="1.2.0.9" LINK_DATE="07/28/2006 07:23:55" UPTO_LINK_DATE="07/28/2006 07:23:55" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupArchiveServer.exe" SIZE="512000" CHECKSUM="0xC7CE2B9C" BIN_FILE_VERSION="1.2.0.13" BIN_PRODUCT_VERSION="1.2.0.13" PRODUCT_VERSION="1.2.0.13" FILE_DESCRIPTION="Backup Archive Server" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.2.0.13" ORIGINAL_FILENAME="BackupArchiveServer.exe" INTERNAL_NAME="BackupArchiveServer" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.2.0.13" UPTO_BIN_PRODUCT_VERSION="1.2.0.13" LINK_DATE="07/28/2006 07:26:02" UPTO_LINK_DATE="07/28/2006 07:26:02" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupDeviceAPI.dll" SIZE="49152" CHECKSUM="0x2AC64C85" BIN_FILE_VERSION="1.1.0.6" BIN_PRODUCT_VERSION="1.1.0.6" FILE_DESCRIPTION="Backup Device API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.1.0.6" ORIGINAL_FILENAME="BackupDeviceAPI.dll" INTERNAL_NAME="BackupDeviceAPI" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.6" UPTO_BIN_PRODUCT_VERSION="1.1.0.6" LINK_DATE="07/28/2006 07:23:18" UPTO_LINK_DATE="07/28/2006 07:23:18" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupDeviceSCOMServer.dll" SIZE="1421312" CHECKSUM="0x5F737ADB" BIN_FILE_VERSION="1.8.0.36" BIN_PRODUCT_VERSION="1.8.0.36" PRODUCT_VERSION="1.8.0.36" FILE_DESCRIPTION="Backup Device SCOM Server" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.8.0.36" ORIGINAL_FILENAME="BackupDeviceSCOMServer.dll" INTERNAL_NAME="BackupDeviceSCOMServer" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.8.0.36" UPTO_BIN_PRODUCT_VERSION="1.8.0.36" LINK_DATE="07/31/2006 12:37:25" UPTO_LINK_DATE="07/31/2006 12:37:25" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupManagerAgentAPI.dll" SIZE="52224" CHECKSUM="0x1A01D57E" BIN_FILE_VERSION="1.1.0.7" BIN_PRODUCT_VERSION="1.1.0.7" FILE_DESCRIPTION="Backup Manager Agent API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.1.0.7" ORIGINAL_FILENAME="BackupManagerAgentAPI.dll" INTERNAL_NAME="BackupManagerAgentAPI" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.7" UPTO_BIN_PRODUCT_VERSION="1.1.0.7" LINK_DATE="07/28/2006 07:25:05" UPTO_LINK_DATE="07/28/2006 07:25:05" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupManagerAgentServer.dll" SIZE="409600" CHECKSUM="0x3491EFEB" BIN_FILE_VERSION="1.2.0.17" BIN_PRODUCT_VERSION="1.2.0.17" PRODUCT_VERSION="1.2.0.17" FILE_DESCRIPTION="Backup Manager Agent Server" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.2.0.17" ORIGINAL_FILENAME="BackupManagerAgentServer.dll" INTERNAL_NAME="BackupManagerAgentServer" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.2.0.17" UPTO_BIN_PRODUCT_VERSION="1.2.0.17" LINK_DATE="07/28/2006 09:55:05" UPTO_LINK_DATE="07/28/2006 09:55:05" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Backup Manager\BackupManagerSharedAPI.dll" SIZE="77824" CHECKSUM="0xEFE4AB66" BIN_FILE_VERSION="1.1.0.10" BIN_PRODUCT_VERSION="1.1.0.10" FILE_DESCRIPTION="Backup Manager Shared API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Backup Manager" FILE_VERSION="1.1.0.10" ORIGINAL_FILENAME="BackupManagerSharedAPI.dll" INTERNAL_NAME="BackupManagerSharedAPI" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.0.10" UPTO_BIN_PRODUCT_VERSION="1.1.0.10" LINK_DATE="07/28/2006 07:22:43" UPTO_LINK_DATE="07/28/2006 07:22:43" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="File Manager\FMSCOM.dll" SIZE="1064960" CHECKSUM="0xD4ACC68F" BIN_FILE_VERSION="1.1.2.1" BIN_PRODUCT_VERSION="1.1.2.1" PRODUCT_VERSION="1, 1, 2, 1" FILE_DESCRIPTION="File Manager interface implementation for SCOM" COMPANY_NAME="Popwire AB" PRODUCT_NAME="File Management Service SCOM" FILE_VERSION="1, 1, 2, 1" ORIGINAL_FILENAME="FileMgmtSCOM.dll" INTERNAL_NAME="FileMgmtSCOM.dll" LEGAL_COPYRIGHT="Copyright © Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.1.2.1" UPTO_BIN_PRODUCT_VERSION="1.1.2.1" LINK_DATE="04/28/2006 13:02:23" UPTO_LINK_DATE="04/28/2006 13:02:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="File Manager\TC File Mgmt.dll" SIZE="77824" CHECKSUM="0xBD063F1" BIN_FILE_VERSION="2.1.0.1" BIN_PRODUCT_VERSION="2.1.0.1" PRODUCT_VERSION="2, 1, 0, 1" FILE_DESCRIPTION="File Management API Type Library and Proxy/Stub DLL" COMPANY_NAME="Popwire AB" PRODUCT_NAME="File Management API" FILE_VERSION="2, 1, 0, 1" ORIGINAL_FILENAME="TC File Mgmt.dll" INTERNAL_NAME="TC File Mgmt.dll" LEGAL_COPYRIGHT="Copyright © Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.1.0.1" UPTO_BIN_PRODUCT_VERSION="2.1.0.1" LINK_DATE="02/09/2006 13:49:07" UPTO_LINK_DATE="02/09/2006 13:49:07" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Install Mgmt\InMSCOM.dll" SIZE="479232" CHECKSUM="0x903A7848" BIN_FILE_VERSION="1.0.0.9" BIN_PRODUCT_VERSION="0.0.0.0" PRODUCT_VERSION="0.0.0.0" FILE_DESCRIPTION="Install Management SCOM" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Install Management SCOM" FILE_VERSION="1.0.0.9" ORIGINAL_FILENAME="InMSCOM.dll" INTERNAL_NAME="InMSCOM.dll" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.9" UPTO_BIN_PRODUCT_VERSION="0.0.0.0" LINK_DATE="02/03/2006 12:13:38" UPTO_LINK_DATE="02/03/2006 12:13:38" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Install Mgmt\TC Install Mgmt API.dll" SIZE="77824" CHECKSUM="0xAFFA7B33" BIN_FILE_VERSION="1.0.0.2" BIN_PRODUCT_VERSION="0.0.0.0" PRODUCT_VERSION="0.0.0.0" FILE_DESCRIPTION="Installation Management API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Installation Management API" FILE_VERSION="1.0.0.2" ORIGINAL_FILENAME="TC Install Mgmt API.dll" INTERNAL_NAME="TC Install Mgmt API.dll" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.2" UPTO_BIN_PRODUCT_VERSION="0.0.0.0" LINK_DATE="09/14/2005 07:54:20" UPTO_LINK_DATE="09/14/2005 07:54:20" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="SyncMgmt\SmSCOM.dll" SIZE="344064" CHECKSUM="0x69A2E017" BIN_FILE_VERSION="1.0.0.4" BIN_PRODUCT_VERSION="0.0.0.0" PRODUCT_VERSION="0.0.0.0" FILE_DESCRIPTION="Sync Management SCOM" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Sync Management SCOM" FILE_VERSION="1.0.0.4" ORIGINAL_FILENAME="SmSCOM.dll" INTERNAL_NAME="SmSCOM.dll" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.4" UPTO_BIN_PRODUCT_VERSION="0.0.0.0" LINK_DATE="10/21/2005 07:30:37" UPTO_LINK_DATE="10/21/2005 07:30:37" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="SyncMgmt\TCSyncMgmtAPI.dll" SIZE="57344" CHECKSUM="0x9791E965" BIN_FILE_VERSION="1.0.0.1" BIN_PRODUCT_VERSION="1.0.0.1" PRODUCT_VERSION="1.0.0.1" FILE_DESCRIPTION="Sync Management API" COMPANY_NAME="Popwire AB" PRODUCT_NAME="Sync Management API" FILE_VERSION="1.0.0.1" ORIGINAL_FILENAME="TCSyncMgmtAPI.dll" INTERNAL_NAME="TCSyncMgmtAPI.dll" LEGAL_COPYRIGHT="Copyright © 2005 Popwire AB. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.1" UPTO_BIN_PRODUCT_VERSION="1.0.0.1" LINK_DATE="09/30/2005 07:10:24" UPTO_LINK_DATE="09/30/2005 07:10:24" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 April 2007 - 01:38 PM

Hi,

The problem with your flashdisk is not malware related.
I don't know what this error means or what is causing it. Also, I don't know what exact flashdisk you have. All I can gather from the above error is the company name, "Popwire AB", so it may be better to visit the main site where your flashdisk is available and look if there's a support option there, since they are the only ones who know what this error exactly means and how to solve it.

Concerning your malware issue, good to hear that it is solved again.

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 blow_fish

blow_fish
  • Topic Starter

  • Members
  • 10 posts

Posted 06 April 2007 - 01:36 AM

Thank you for cleaning up my computer.

However, I searched my registry for "contextual" and still found several entries in the registry... Should I delete them?

#8 miekiemoes

Posted 06 April 2007 - 04:27 AM

Can you tell me what exact keys they are? Because it could be possible that "contextual" may also be set by legit apps. This depends on where they are.

#9 blow_fish

Posted 06 April 2007 - 10:33 AM

HKEY_CURRENT_USER\Software\TrustIn
HKEY_CURRENT_USER\Software\TrustIn\Contextual Ads
HKEY_CURRENT_USER\Software\TrustIn\URL Changer
HKEY_CURRENT_USER\Software\TrustIn\Weekly Executer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15ED39F0-AFC8-11DB-ABBD-0800200C9A66}\1.0
HKEY_USERS\S-1-5-21-2025429265-329068152-682003330-1003\Software\TrustIn
HKEY_USERS\S-1-5-21-2025429265-329068152-682003330-1003\Software\TrustIn\Contextual Ads
HKEY_USERS\S-1-5-21-2025429265-329068152-682003330-1003\Software\TrustIn\URL Changer
HKEY_USERS\S-1-5-21-2025429265-329068152-682003330-1003\Software\TrustIn\Weekly Executer

#10 miekiemoes

Posted 06 April 2007 - 10:36 AM

Ok, do the following..

Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\Software\TrustIn]

[-HKEY_USERS\S-1-5-21-2025429265-329068152-682003330-1003\Software\TrustIn]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents into the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

That should remove their subkeys as well. :thumbsup:

#11 blow_fish

Posted 06 April 2007 - 10:51 AM

thanks.. found others too
Both of these have trustin in them
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604

This one has trustincontext.dll
HKEY_CLASSES_ROOT\TypeLib\{15ED39F0-AFC8-11DB-ABBD-0800200C9A66}\1.0\0\win32

And when I did a search for that dll file, it was in these folders
C:\Documents and Settings\User\Local Settings\Temp\temp.fr3EC4
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp

Thanks again

#12 miekiemoes

Posted 06 April 2007 - 11:00 AM

Hi,

Don't worry about these:

HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604

These are the searches you used on them. So if you perform another search on it, it will be added there again. :thumbsup:

For the other one, create the next regfix:

REGEDIT4

[-HKEY_CLASSES_ROOT\TypeLib\{15ED39F0-AFC8-11DB-ABBD-0800200C9A66}]

Save it as fix2.reg and double-click it to merge it.

The next one is already present in the Yahoo quarantine folder, but you may delete it:
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp

The following one is present in your temp folder:

C:\Documents and Settings\User\Local Settings\Temp\temp.fr3EC4

so you may delete it as well.
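An added dry-run checker for the REGEDIT4 fixes in posts #10 and #12 above (my example, not code from the thread or its participants): it parses a .reg file, separates the `[-KEY]` delete lines from `[KEY]` create lines, and refuses a delete that would wipe a whole hive or a top-level node such as Software rather than just the leftover TrustIn keys. The sample fix text is constructed from the keys posted in this thread.

```python
"""Dry-run checker for a REGEDIT4 fix file before it is merged.

In .reg syntax a key line written as [HKEY_...] creates that key and
[-HKEY_...] deletes it together with all of its subkeys, which is what
the fixes in this thread rely on. The checker lists what a fix would
create or delete and refuses a delete that would remove far more than
one application's leftovers.
"""
import re

# A key line: optional "-" for delete, then a hive root and a backslash path.
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$")


def is_too_broad(key: str) -> bool:
    """True when deleting `key` would remove more than one application's keys."""
    parts = key.split("\\")
    # HKEY_USERS\<SID>\... : drop the SID so it is judged like HKEY_CURRENT_USER.
    if parts[0] == "HKEY_USERS":
        parts = parts[:1] + parts[2:]
    # A bare hive, or hive + one node (e.g. HKEY_CURRENT_USER\Software).
    return len(parts) <= 2


def parse_reg_fix(text: str) -> dict:
    """Return a summary dict with keys: deletes, creates, values, errors."""
    lines = [ln.strip() for ln in text.splitlines()]
    out = {"deletes": [], "creates": [], "values": {}, "errors": []}
    has_header = bool(lines) and lines[0] == "REGEDIT4"
    if not has_header:
        out["errors"].append("first line must be REGEDIT4")
    start = 1 if has_header else 0
    current = None  # key that following value lines belong to
    for n, ln in enumerate(lines[start:], start=start + 1):
        if not ln or ln.startswith(";"):
            continue
        m = KEY_LINE.match(ln)
        if m:
            key = m.group(2)
            if m.group(1) == "-":
                if is_too_broad(key):
                    out["errors"].append(f"line {n}: refusing overly broad delete of {key}")
                else:
                    out["deletes"].append(key)
                current = None  # value lines after a delete line are meaningless
            else:
                out["creates"].append(key)
                current = key
            continue
        if current is None:
            out["errors"].append(f"line {n}: value line outside a key: {ln}")
        else:
            out["values"].setdefault(current, []).append(ln)
    return out


# Constructed sample: the first fix posted in this thread.
SAMPLE_FIX = r"""REGEDIT4

[-HKEY_CURRENT_USER\Software\TrustIn]

[-HKEY_USERS\S-1-5-21-2025429265-329068152-682003330-1003\Software\TrustIn]
"""

if __name__ == "__main__":
    summary = parse_reg_fix(SAMPLE_FIX)
    for key in summary["deletes"]:
        print("would delete:", key)
    for err in summary["errors"]:
        print("error:", err)
```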

#13 miekiemoes

Posted 15 April 2007 - 05:27 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
