Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Stupid About:Blank

Started by LadyKareese , Mar 27 2006 11:47 PM

  • This topic is locked This topic is locked
5 replies to this topic

#1 LadyKareese

LadyKareese

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 27 March 2006 - 11:47 PM

Could anyone help me get rid of this crazy About:Blank stuff? This is the second time I've gotten it, and even though I read over the last posts, I can't seem to get it to be completely gone. Thanks in advance for your help.. You people are wonderful! I've listed my HJT Log:


Logfile of HijackThis v1.99.1
Scan saved at 11:40:09 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1137859284\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dlbucoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\betsy\Desktop\HijackThis.exe

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp3F67.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137859284\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    Advertisements

Register to Remove

#2 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 30 March 2006 - 05:57 PM

Hello and welcome to TomCoyote forum. This is the Smitfraud trojan, and before I post the removal instructions I want to give you this information.

1) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas....tehjtfolder.htm

2) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe http://www.clickz.co...cle.php/3561546
http://www.greatis.c...viewmgr.exe.htm
http://www.spywarein...4.php#viewpoint
I suggest you use Add Remove programs and uninstall the program highited in red.

Thanks to noahdfear and any others who helped with this fix.

3) Enable hidden files and folders: http://www.xtra.co.n...1916458,00.html You may not see the bad stuff unless you do this.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please print out or copy these instructions\tutorials to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download SmitRem.exe © noahdfear from one of these sites to your Desktop.
http://www.downloads...org/smitRem.exe
[url="http://noahdfear.geekstogo.com/click%20cou....php?id=1""]http://noahdfear.geekstogo.com/click%20cou....php?id=1"[/url]

Double-click the smitRem.exe and it will extract the files to a smitRem folder on your Desktop, DO NOT run it yet.

Please download the trial version of ewido anti-malware 3.5. Install ewido anti-malware 3.5: http://www.ewido.net/en/download/ and start the program from the icon on your desktop, then check for and download updates. DO NOT run it run.

Restart the computer in Safe Mode.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Tuturial if needed: http://www.bleepingc...tutorial61.html

logon to your user account.
Open the smitfraud folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. When the tool completes:

Run hijackthis. Hit None of the above, just start the program, then click "SCAN" Put a Check in the box on the left side on these:

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp3F67.tmp
(the toolbar is missing a file and is not working right if at all, If you use it install it again when we are finished)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"

RIGHT Click on Start then click on Explore. Locate and delete these files or folders if there:

C:\WINDOWS\System32\nvctrl.exe >>> file

C:\WINDOWS\System32\mssearchnet.exe >>> file


Open Ewido Security Suite
Then please run Ewido, click on the Scanner run a full scan and let
it clean everything it finds unless you know it is not bad.
Once the scan has completed, there will be a button located on the bottom
of the screen named
Click Save report
Save the report to your desktop

In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info" if present.

Empty recycle bin and restart the computer.


Download this file from the link to your desktop.
http://www.mvps.org/.../DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'

Once it is finished your Security Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Post in this same topic the contents of the log C:\smitfiles.txt a new HijackThis log and the ewido scan results.

Let me know how the computer is running now, we may have more to do.

Thanks...pskelley
TomCoyote forum
Expert Member

Edited by pskelley, 30 March 2006 - 05:59 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 LadyKareese

LadyKareese

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 02 April 2006 - 08:13 PM

Pskelley,

Thank you so much for your time and advice.

I didn't have ANY problems whatsoever until it came to setting my Security Zones back to normal. When I download the file, it comes up as a Notepad file and I guess I'm being ignorant, because when I right click, I can't find an 'Install" to click. Any advice or suggestions?

My homepage is now back to msn.com and my computer is running much faster. Here are the requested file logs:

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:04:52 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1137859284\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137859284\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe



SmitFiles Log:

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 04/01/2006
The current time is: 18:41:13.67

Running from
C:\Documents and Settings\betsy\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ncompat.tlb
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 780 'explorer.exe'
Killing PID 780 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)


~~~ Upon reboot ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!



Ewido Log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:44:05 PM, 4/1/2006
+ Report-Checksum: A93E9BDE

+ Scan result:

:mozilla.10:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.23:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.24:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.30:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.34:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.41:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.51:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.56:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.60:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.70:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.71:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.72:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.73:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.74:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.75:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.83:C:\Documents and Settings\betsy\Application Data\Mozilla\Firefox\Profiles\3cekuck0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\betsy\Cookies\betsy@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\betsy\Cookies\betsy@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-790525478-1275210071-839522115-1004\Dc9.txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup


::Report End


Please let me know if there is anything else I need to clean up. I was worried the other day that I saw "Zlob" on ewido. Please let me know if that is also cleaned up?

Thanks again!

Kareese :)

#4 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 03 April 2006 - 09:14 AM

Hi LadyKareese, who's Betsy? I am looking over your logs now. I don't know why you had a problem with DelDomains, it does it all for you and may have. The bad guys like to get into "trusted zones" and DelDomains cleans them out. If you need instructions to check to make sure they are clean, let me know.

Looks like noahdfears tool did the job :)

ewido anti-malware - Scan report Created on: 7:44:05 PM, 4/1/2006
No problems, everything located removed, here is some help with those junk cookies if you wish:
http://privacy.getne...fdisablecookies
http://www.mozilla.o..._priv_help.html

Logfile of HijackThis v1.99.1 Scan saved at 8:04:52 PM, on 4/1/2006
AND...your HJT log is clean :lol: Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.syma...src=sec_doc_nam

Please let me know if there is anything else I need to clean up. I was worried the other day that I saw "Zlob" on ewido. Please let me know if that is also cleaned up?
Thanks again!

You are certainly welcome, nothing to worry about. Look at the advice of those experts, turn ewido off after the trial but keep the scanner, it is yours free for as long as you like and follow the directions to clean your System Restore.

Safe surfing...Phil :wavey:

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 LadyKareese

LadyKareese

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 03 April 2006 - 01:08 PM

Phil, Thank you so much! You asked me who "Betsy" is.. That is also me.. I'm a role-playing junkie.. Kareese is the name of my character in GemstoneIV. I'm weird, what can I say?!? :) Enjoy your day.. and again, thank you! Betsy aka LadyKareese :wavey:

#6 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 04 April 2006 - 08:44 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·