Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

27th February 2007   #1
ajheiks

Hopefully I Got Everything...

Hi guys,

I am actually a friend of psiegel81 and he was telling me about the great job you guys have been doing, so I figured I'd run a quick question by you.

I just recently had a pretty nasty trojan, everything seems to be running smoothly now, but I just wanted to make sure I got everything.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:08:40 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\Plug Ins\Net Tools\AVG Anti-Spyware 7.5\guard.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgamsvr.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgupsvc.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\sstray.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programs\Plug Ins\Net Tools\ZoneAlarm\zlclient.exe
C:\Programs\Plug Ins\Net Tools\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Games\Valve\Steam\Steam.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programs\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Plug Ins\Acrobat Reader 7.0.5\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programs\Plug Ins\Net Tools\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Plug Ins\Net Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programs\Plug Ins\Net Tools\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130714456108
O20 - Winlogon Notify: WBSrv - C:\Programs\PLUGIN~1\WINDOW~1\wbsrv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programs\Plug Ins\Net Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I am currently running ZoneAlarm for a Software Firewall and AVG:AS/AV, although I am looking for a new AS since my free trial of AVG:AS has just expired.

Any help would be greatly appreciated.

Thanks,
Aaron

27th February 2007   #2
Geri (Staff)

Hi ajheiks
Welcome to windowsbbs.

We need to do a couple things here.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


Please post the log here.
Geri

27th February 2007   #3
ajheiks

SmitFraudFix v2.144

Scan done at 20:40:51.62, Mon 02/26/2007
Run from C:\Documents and Settings\Aaron J Heiks\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aaron J Heiks


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aaron J Heiks\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AARONJ~1\FAVORI~1

C:\DOCUME~1\AARONJ~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"

[HKEY_CLASSES_ROOT\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\InProcServer32]
@="C:\WINDOWS\system32\higehsg.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\InProcServer32]
@="C:\WINDOWS\system32\higehsg.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

27th February 2007   #4
Geri (Staff)

Hi ajheiks

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Please post the report and a new HJT log.
Thanks
Geri

27th February 2007   #5
ajheiks

SmitFraudFix v2.144

Scan done at 21:20:16.84, Mon 02/26/2007
Run from C:\Documents and Settings\Aaron J Heiks\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"

[HKEY_CLASSES_ROOT\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\InProcServer32]
@="C:\WINDOWS\system32\higehsg.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\InProcServer32]
@="C:\WINDOWS\system32\higehsg.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\AARONJ~1\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




Logfile of HijackThis v1.99.1
Scan saved at 9:30:51 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgamsvr.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgupsvc.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\sstray.exe
C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programs\Plug Ins\Net Tools\ZoneAlarm\zlclient.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Plug Ins\Acrobat Reader 7.0.5\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programs\Plug Ins\Net Tools\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Plug Ins\Net Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programs\Plug Ins\Net Tools\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130714456108
O20 - Winlogon Notify: WBSrv - C:\Programs\PLUGIN~1\WINDOW~1\wbsrv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programs\Plug Ins\Net Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Programs\PLUGIN~1\NETTOO~1\AVG7~1.1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

27th February 2007   #6
Geri (Staff)

Hi ajheiks

OK, good. We got rid of the smitfraud infection.
You can delete that tool. There will be newer versions if ever needed again anyway.

Can you tell me what trojan you got rid of and the file path, if you remember?

I think it would be a good idea to get an on-line scan to make sure everything is gone.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Also, your Java is somewhat out of date; we will fix that later.

Please post the Panda log here.

Geri
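The before/after comparison of the two HijackThis logs in this thread can be done mechanically. The following is an added example, not part of the original posts and not code from HijackThis or SmitfraudFix: it diffs two logs, lists entries that still point at a missing file, and matches CLSIDs against the SmitfraudFix report. All function names are hypothetical, and the sample lines are excerpts of the logs posted above.

```python
import re
from typing import NamedTuple, Optional

# Excerpts of the logs posted in this thread; most unchanged lines are left out.
HJT_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\Programs\PLUGIN~1\WINDOW~1\wbsrv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)
"""

HJT_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O20 - Winlogon Notify: WBSrv - C:\Programs\PLUGIN~1\WINDOW~1\wbsrv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

SMITFRAUD_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"
"""

# A HijackThis entry line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str           # section code, e.g. "O21"
    text: str              # rest of the line, "(file missing)" marker stripped
    clsid: Optional[str]   # lower-cased CLSID if the line carries one
    file_missing: bool     # True when HijackThis marked the target as missing


def parse_hjt(log: str) -> list[Entry]:
    """Return the registry/startup entries of a HijackThis log, skipping the
    header and the running-process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        missing = text.endswith(MISSING)
        if missing:
            text = text[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(text)
        entries.append(
            Entry(section, text, clsid.group(0).lower() if clsid else None, missing)
        )
    return entries


def diff_logs(before: list[Entry], after: list[Entry]):
    """Entries that disappeared and entries that appeared between two scans."""
    def key(e: Entry):
        return (e.section, e.text.lower())
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


def dangling(entries: list[Entry]) -> list[Entry]:
    """Entries whose registry reference outlived the file it points to."""
    return [e for e in entries if e.file_missing]


def flagged_by_both(entries: list[Entry], report: str) -> list[Entry]:
    """HijackThis entries whose CLSID also appears in another tool's report."""
    seen = {c.lower() for c in CLSID_RE.findall(report)}
    return [e for e in entries if e.clsid in seen]


if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    removed, added = diff_logs(before, after)
    for e in removed:
        print("removed:", e.section, e.text)
    for e in added:
        print("added:  ", e.section, e.text)
    for e in dangling(after):
        print("still dangling:", e.section, e.text)
    for e in flagged_by_both(before, SMITFRAUD_REPORT):
        print("also in SmitfraudFix report:", e.section, e.text)
```

On the excerpts above, the diff shows the `Protection Bar` toolbar and the `eitheror` SSODL entry gone after the clean, while the `WBSrv` Winlogon Notify entry is still listed with a missing file.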

27th February 2007   #7
ajheiks

I wish I could remember the name of the trojan I had. I do remember that it had my anti-spyware and anti-virus going nuts. As well as an extremely annoying icon in the systray that said I was infected and that I should download their anti-spyware software to heal my pc. I thought that I had everything clean, but at this point I am less than convinced.


Here's the Panda log:


Incident Status Location

Adware:adware/surfaccuracy Not disinfected Windows Registry
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-10.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-11.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-13.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-14.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-30.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-31.txt[.azjmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-33.txt[.xiti.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-37.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-9.txt[.azjmp.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies.txt[.go.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@atwola[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@ct.360i[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@doubleclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[3].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@questionmarket[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Aaron J Heiks\Desktop\CleanUp!\SmitfraudFix\Process.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Local Settings\Temp\Cookies\aaron j heiks@atwola[1].txt
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Virus:mIRC/Gen Disinfected C:\Programs\mIRC\hix\aliases.ini
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Programs\mIRC\hix\moo.dll
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Programs\mIRC\hix\scripts\systeminfo\moo.dll
Adware:Adware/VideoActiveXObject Not disinfected C:\RECYCLER\S-1-5-21-329068152-1547161642-839522115-1003\Dc574.exe

27th February 2007   #8
ajheiks

Well, I found most of that log to be an easy fix since most were just cookies. I have deleted my cookies and cleared my temp internet files in IE and FF2.

I've since deleted Process.exe

But I don't know what it doesn't like about mIRC\hix. I suppose I could take that off my system since I no longer use it.

Running AVG now then Panda again later, will post updated log when I am done.

27th February 2007   #9
Geri (Staff)

Hi ajheiks

I see you have AVG Anti-spyware.
Please run it at the settings given. Skip the download part.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Please post the AVG log.

I would also like to see an uninstall list. Here is how to do this.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

In case you are wondering, I don't like these. I'm hoping AVG will get rid of them.
surfaccuracy
ISTBar

Thanks
Geri

27th February 2007   #10
Geri (Staff)

Hi
Quote:
But I don't know what it doesn't like about mIRC\hix. I suppose I could take that off my system since I no longer use it.
You can remove it if you like, but it is not necessary.

Geri

28th February 2007   #11
ajheiks

Ok, I ran AVG Anti-Spyware in safe mode and here's the report.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:14:15 PM 2/27/2007

+ Scan result:



C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.


::Report end


==================================================

Then I ran Panda's ActiveScan again as a second check to see what was left, here's that report.


Incident Status Location

Adware:adware/surfaccuracy Not disinfected Windows Registry
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-10.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-11.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-13.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-14.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-30.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-31.txt[.azjmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-33.txt[.xiti.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-37.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-9.txt[.azjmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Local Settings\Temp\Cookies\aaron j heiks@atwola[1].txt
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041


==================================================

As you can see surfaccuracy and ISTBar are still there.
And here's the HJT Uninstall List you requested.


ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Stock Photos 1.0
AIM 6.0
AOL Instant Messenger
ArcSoft Software Suite
AutoCAD 2000
AV Voice Changer Software 4.0
AVG Anti-Spyware 7.5
AVG Free Edition
BitTorrent 4.2.0
Cook'n with Betty Crocker
Descent 3
DivX
DivX Player
EPSON CardMonitor
EPSON Copy Utility
EPSON ES CX6400 Manual
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESPN RunTime
Fraps
GameSpy Arcade
Google Earth
GTK+ 2.4.1 runtime environment
Half-Life(R) 2
HijackThis 1.99.1
HLSW v1.0.0.39
Hotfix for Windows XP (KB926239)
InCD (ahead software)
iTunes
J2SE Runtime Environment 5.0 Update 5
Kali II
Kquery4 (remove only)
LimeWire 4.12.6
Macromedia Shockwave Player
MAIET entertainment - Gunz
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (1.5.0.8)
Mozilla Firefox (2.0.0.2)
Mozilla Thunderbird (1.5)
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
Need for Speed Underground 2
Nero - Burning Rom
NVIDIA Drivers
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP nForce Drivers
ObjectDock
Oscar's Renamer 1.0
Panda ActiveScan
Pivot Stickfigure Animator
PokerStars
PokerStars.net
Quake 4 (TM) SDK (remove only)
Quake 4(TM)
Quake II Demo
QuickTime
RealPlayer
ResChanger XP
SaTstrat (remove only)
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Silkroad
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SolidWorks 2000
SoulSeek Client 156c
Speed
Steam(TM)
Surf Accuracy
System Alert Popup
TDK Digital MixMaster
TeamSpeak 2 RC2
The GIMP 2.0.2
UltraVNC v1.0.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
Verizon Online
Verizon Yahoo! Applications
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WildTangent Web Driver
WinAce Archiver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
ZoneAlarm


Thanks again for your help,
Aaron

28th February 2007   #12
Geri (Staff)

Hi ajheiks

Surf Accuracy is in your Add/Remove programs list.
Did you install it?

It can be uninstalled from there if you want it uninstalled.

Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these programs.

Reboot your computer after the scans.

Then please run and post a new Panda scan.

Thanks
Geri

1st March 2007   #13
ajheiks (Inactive)

I have no idea where the Surf Accuracy came from, especially since the date on it in my Add/Remove was from 2005. Anyway, I removed it, ran SpyBot and AdAware and here's what's left:



Incident Status Location

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-10.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-11.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-13.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-14.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-30.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-31.txt[.azjmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-33.txt[.xiti.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-37.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-9.txt[.azjmp.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Local Settings\Temp\Cookies\aaron j heiks@atwola[1].txt
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041

1st March 2007   #14
Geri (Staff)

Hi ajheiks

Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

C:\Program Files\Common Files\Totem Shared <<<This folder

After that, reboot.

Then please run and post a new Panda scan.

Geri

3rd March 2007   #15
ajheiks (Inactive)

Incident Status Location

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-10.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-11.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-13.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-14.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-30.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-31.txt[.azjmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-33.txt[.xiti.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-37.txt[.azjmp.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Aaron J Heiks\Application Data\Mozilla\Firefox\Profiles\rkpxk3ot.default\cookies-9.txt[.azjmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@doubleclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aaron J Heiks\Cookies\aaron j heiks@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aaron J Heiks\Local Settings\Temp\Cookies\aaron j heiks@atwola[1].txt
