Hijack This log file: Infected with "mediacodec"


18 replies to this topic

#1 gxk146

gxk146

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 06 March 2007 - 01:19 PM

I got a virus or whatever it is this morning off of MySpace. I ran my virus scan and it located it as "Mediacodec". I removed it, but it didn't effectively get rid of it. After doing a little research online, I came across Hijack This. However, I am not sure which of the programs I need to remove. Below is a copy of the log file. Please help!!



Logfile of HijackThis v1.99.1
Scan saved at 2:17:18 PM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\Greg\APPLIC~1\ICROSO~1.NET\regsvr32.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B64C2811-E88C-F413-F7AF-B2DECBB00AB3} - C:\WINDOWS\system32\xlncbt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\Greg\APPLIC~1\ICROSO~1.NET\regsvr32.exe" -vt mtx
O4 - HKCU\..\Run: [Eret] C:\WINDOWS\system32\fast.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O20 - AppInit_DLLs: netdde.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe



#2 gxk146

Posted 07 March 2007 - 11:23 AM

It also appears that I have another virus/adware problem. Windows Defender keeps finding it, but won't get rid of it. It is titled something similar to: "click.spring.purityscan" Please help me resolve these two matters. Thanks! -Greg

#3 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 07 March 2007 - 04:40 PM

Download and install AVG Anti-Spyware (ewido). Then scan and post the report here.
Instructions and download link can be found here.

#4 gxk146

Posted 08 March 2007 - 09:47 AM

Thank you for trying to help me out! I downloaded the AVG Anti-Spyware. I also went to the instructions page that you linked to. The first instruction says to update the software. I have been trying all morning to do that, but I keep getting the same message which says: "Error. Sorry, the server is not ready to serve." I have tried about 10 times over a 4 hour period and I keep getting the same message. Can I proceed without the update? What should be my next step?

#5 little eagle

Posted 08 March 2007 - 10:12 AM

Remove the program in Add and Remove Programs and download it again.

#6 gxk146

Posted 08 March 2007 - 12:05 PM

Ok, that worked. Here is the Report results:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:01:27 PM 3/8/2007

+ Scan result:

C:\Documents and Settings\Greg\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Adware.BrowserAid : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Adware.BrowserAid : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned.
HKU\S-1-5-21-3141012616-3828071179-3455791352-1006\Software\Internet Security -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP876\A0071036.exe -> Adware.MediaTickets : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\wh6s6Xxo.exe -> Adware.Midaddle : Cleaned.
HKLM\SOFTWARE\Classes\SearchHelp -> Adware.MidAddle : Cleaned.
HKLM\SOFTWARE\Classes\SearchHelp\CLSID -> Adware.MidAddle : Cleaned.
HKLM\SOFTWARE\Classes\SearchHelp\CurVer -> Adware.MidAddle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\1J.exe -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\9.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\AC.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\D5t3TLXy.exe -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\En1ECNGw.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\Il.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\clicks.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\f.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\kPhlu.dll -> Adware.Midadle : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : Cleaned.
C:\Config.Msi\4db73ecc.rbf -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP811\A0067841.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP811\A0067864.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP817\A0068214.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP817\A0068215.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP826\A0068618.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP831\A0068846.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP838\A0069279.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP839\A0069343.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP844\A0069585.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP848\A0069878.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP848\A0069883.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP851\A0070016.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP852\A0070125.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP852\A0070130.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP868\A0070842.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP872\A0070946.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP876\A0071034.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP876\A0071040.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP877\A0071122.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP878\A0071131.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP878\A0071132.exe -> Adware.PurityScan : Cleaned.
C:\WINDOWS\SYSTEM32\bidz.dll -> Adware.PurityScan : Cleaned.
C:\WINDOWS\SYSTEM32\fast.exe -> Adware.PurityScan : Cleaned.
C:\WINDOWS\SYSTEM32\zcbckxe.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP867\A0070839.exe -> Adware.SpyHeal : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP851\A0070015.exe -> Adware.ValueAd : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP856\A0070448.exe -> Adware.ValueAd : Cleaned.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\05MN4PYV\TBPS[1].cab/TBPS.exe -> Adware.WebSearch : Cleaned.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\05MN4PYV\tb3[1].cab/toolbar.dll -> Adware.WebSearch : Cleaned.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~344568.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~347896.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~349871.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~371011.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~485277.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~588122.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~671297.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~743420.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~748615.tmp -> Adware.Wintol : Cleaned.
C:\Documents and Settings\Greg\Local Settings\Temp\~759111.tmp -> Adware.Wintol : Cleaned.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OXEB0DQR\common[1].cab/common.dll -> Adware.Wintol : Cleaned.
C:\WINDOWS\Temp\~351683.tmp -> Adware.Wintol : Cleaned.
C:\WINDOWS\Temp\~351802.tmp -> Adware.Wintol : Cleaned.
C:\WINDOWS\Downloaded Program Files\ParisVoyeur.exe -> Dialer.CDUpdater : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP876\A0071035.exe -> Downloader.PurityScan.be : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP876\A0071039.exe -> Downloader.Zlob.asv : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP869\A0070926.exe -> Downloader.Zlob.bov : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP869\A0070937.exe -> Downloader.Zlob.bov : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP872\A0070947.exe -> Downloader.Zlob.bov : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP872\A0070948.exe -> Downloader.Zlob.bov : Cleaned.
C:\PROGRAMS\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP809\A0067751.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP811\A0067866.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP817\A0068216.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP823\A0068432.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP831\A0068833.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP838\A0069284.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP846\A0069682.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP849\A0069925.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP851\A0070020.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP856\A0070449.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP876\A0071041.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP878\A0071135.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\SYSTEM32\wapisvcc.exe -> Trojan.Small : Cleaned.

::Report end

#7 little eagle

Posted 08 March 2007 - 07:50 PM

Can you run it again and see if anything reinstalled after it was deleted? Post the new log here.

#8 gxk146

Posted 09 March 2007 - 08:42 AM

Here is the new report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:38:45 AM 3/9/2007

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Adware.BrowserAid : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Adware.BrowserAid : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP879\A0071160.rbf -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP879\A0071161.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP879\A0071162.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP879\A0071163.dll -> Adware.PurityScan : Cleaned.
C:\WINDOWS\SYSTEM32\WіnSxS\spool32.exe -> Adware.PurityScan : Cleaned.
C:\WINDOWS\SYSTEM32\wtjbf.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP879\A0071164.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP879\A0071159.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\SYSTEM32\wapisvcc.exe -> Trojan.Small : Cleaned.

::Report end

#9 little eagle

Posted 09 March 2007 - 03:45 PM

Run this online scan and post the results here.

Also post a new HijackThis log.

Edited by little eagle, 09 March 2007 - 03:52 PM.


#10 gxk146

Posted 12 March 2007 - 10:42 AM

Here is the file from the ActiveScan:

Incident    Status    Location
Adware:Adware/PurityScan    Not disinfected    C:\WINDOWS\system32\otmnik.dll
Adware:adware/popuper    Not disinfected    C:\Documents and Settings\Greg\Favorites\Spyware Removal.url
Potentially unwanted tool:application/myway    Not disinfected    hkey_local_machine\software\MyWay
Adware:adware/powersearch    Not disinfected    Windows Registry
Adware:adware/searchexe    Not disinfected    Windows Registry
Spyware:spyware/virtumonde    Not disinfected    Windows Registry
Adware:adware/comet    Not disinfected    Windows Registry
Adware:adware/ezula    Not disinfected    Windows Registry
Spyware:Cookie/YieldManager    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@ads.pointroll[2].txt
Spyware:Cookie/Adtech    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@adtech[2].txt
Spyware:Cookie/Advertising    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@advertising[1].txt
Spyware:Cookie/Atlas DMT    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@atdmt[2].txt
Spyware:Cookie/Atwola    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@atwola[1].txt
Spyware:Cookie/Casalemedia    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@casalemedia[2].txt
Spyware:Cookie/Coremetrics    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@doubleclick[1].txt
Spyware:Cookie/FastClick    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@fastclick[1].txt
Spyware:Cookie/Mediaplex    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@mediaplex[2].txt
Spyware:Cookie/RealMedia    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@realmedia[1].txt
Spyware:Cookie/Systemdoctor    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@systemdoctor[2].txt
Spyware:Cookie/Traffic Marketplace    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@trafficmp[1].txt
Spyware:Cookie/Winantivirus    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@winantivirus[2].txt
Spyware:Cookie/Systemdoctor    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus    Not disinfected    C:\Documents and Settings\Greg\Cookies\greg@www.winantivirus[2].txt
Potentially unwanted tool:Application/SpyDawn    Not disinfected    C:\Documents and Settings\Greg\Local Settings\Temp\laf264C.tmp
Adware:Adware/DesktopMedia    Not disinfected    C:\Program Files\Common Files\M?crosoft\arpa.exe

Below is the new Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:03 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\Greg\APPLIC~1\ICROSO~1.NET\regsvr32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Program Files\Internet Explorer\iexplore.exe



#11 little eagle

Posted 12 March 2007 - 06:27 PM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter


This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
It will create a file named: c:\rapport.txt
Please post the C:\rapport.txt in your next reply

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

#12 gxk146

Posted 13 March 2007 - 09:37 AM

Here is the log file:

SmitFraudFix v2.148

Scan done at 11:34:12.98, Tue 03/13/2007
Run from C:\Documents and Settings\Greg\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\casino.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg\Application Data

C:\Documents and Settings\Greg\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Greg\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" netdde.dll "

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#13 little eagle

Posted 13 March 2007 - 07:50 PM

Reboot your computer in Safe Mode. Instructions here if needed.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Post that log along with all others requested in your next reply.

Run ATF Cleaner

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware, and run a full scan.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • ewido will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it as a text file on your Desktop (make sure to remember where you saved that file).
Close AVG Anti-Spyware and Reboot in Normal Mode.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Then post:
1. c:rapport.txt
2. AVG Anti-Spyware log
3. A new HijackThis log

You may need several replies to post the requested logs, otherwise they might get cut off.

#14 gxk146


Posted 14 March 2007 - 10:32 AM

Rapport Log:

SmitFraudFix v2.148

Scan done at 10:48:46.51, Wed 03/14/2007
Run from C:\Documents and Settings\Greg\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\casino.ico Deleted
C:\Documents and Settings\Greg\Application Data\Install.dat Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

#15 gxk146


Posted 14 March 2007 - 10:35 AM

AVG Log:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:23:03 PM 3/14/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Adware.BrowserAid : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Adware.BrowserAid : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP882\A0071204.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP882\A0071205.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP885\A0071392.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP886\A0071426.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP886\A0071439.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP886\A0071440.dll -> Adware.PurityScan : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP882\A0071203.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP885\A0071393.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\SYSTEM32\wapiicc.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\SYSTEM32\wapisvcc.exe -> Trojan.Small : Cleaned.


::Report end




Hijack This Log:


Logfile of HijackThis v1.99.1
Scan saved at 12:32:10 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\Greg\APPLIC~1\ICROSO~1.NET\regsvr32.exe
C:\Program Files\Common Files\M?crosoft\arpa.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Highjack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll (file missing)
O2 - BHO: (no name) - {3D9EBE90-2002-3F9D-7517-79B21D6E85BD} - C:\WINDOWS\system32\ycph.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B01B2F4B-B98A-F412-F1AF-B2DECBB30CE7} - C:\WINDOWS\system32\wtjbf.dll (file missing)
O2 - BHO: (no name) - {E1492B18-B4D9-F441-F7AF-B2DECBB30CBF} - C:\WINDOWS\system32\zcbckxe.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\Greg\APPLIC~1\ICROSO~1.NET\regsvr32.exe" -vt mtx
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Qqcuwn] C:\Program Files\Common Files\M?crosoft\arpa.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O20 - AppInit_DLLs: netdde.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
