-
Finally!!! (Just look at the duration of the scanning process)
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 25, 2007 02:29:09
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/11/2007
Kaspersky Anti-Virus database records: 464872
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 353929
Number of viruses found 21
Number of infected objects 103
Number of suspicious objects 0
Duration of the scan process 12:46:39
Infected Object Name Virus Name Last Action
C:\Documents and Settings\ALEKSANDAR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\History\History.IE5\MSHist012007112420071125\index.dat Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\Temp\Free Download Manager\tic25.tmp Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\Temp\~DFA65C.tmp Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ag skipped
C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036 Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0037 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe Inno: infected - 4 skipped
C:\Documents and Settings\ALEKSANDAR\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ALEKSANDAR\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-11-24.04-42-59.log Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\0SITPUDA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\ESET\infected\EUEHMKAA.NQF Infected: Trojan-Proxy.Win32.Wopla.ac skipped
C:\Program Files\ESET\infected\FQ0ZZCBA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\ESET\infected\H540WHBA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\ESET\infected\L04KMZDA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\ESET\infected\N55Q0UCA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\ESET\infected\PG2LNUAA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\ESET\infected\RZJYCJAA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ava skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.ava skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF UPX: infected - 2 skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF PE_Patch.UPX: infected - 2 skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\V0KWPZBA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\ESET\infected\ZDH50ACA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\ESET\infected\ZEKZF4CA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Razno\baby_balloons.exe/file7 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Razno\baby_balloons.exe Inno: infected - 1 skipped
C:\Razno\brgcg203.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\Razno\brgcg203.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\Razno\brgcg203.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\Razno\brgcg203.exe ZIP: infected - 3 skipped
C:\Razno\cherry_cook.exe/file12 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Razno\cherry_cook.exe Inno: infected - 1 skipped
C:\Razno\eastern_mahjong.exe/file7 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Razno\eastern_mahjong.exe Inno: infected - 1 skipped
C:\Razno\help_santa.exe/file07 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Razno\help_santa.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510686.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.xp skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513809.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513809.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513811.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513811.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513812.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513812.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513818.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513818.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\My Fun\freeripmp3.exe/file35 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
D:\My Fun\freeripmp3.exe Inno: infected - 1 skipped
D:\My Fun\Razno\maturestown_com - free galleries2.htm Object is locked skipped
D:\My Fun\ZodiacInst.exe/ss20030521.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
D:\My Fun\ZodiacInst.exe/ss20030521.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
D:\My Fun\ZodiacInst.exe/SAVE-SYNCm-WHSE_searchbar.min.googleInst.exe/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
D:\My Fun\ZodiacInst.exe/SAVE-SYNCm-WHSE_searchbar.min.googleInst.exe/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
D:\My Fun\ZodiacInst.exe/SAVE-SYNCm-WHSE_searchbar.min.googleInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
D:\My Fun\ZodiacInst.exe CreateInstall: infected - 9 skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ava skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe/stream Infected: Trojan-Downloader.Win32.Zlob.ava skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe UPX: infected - 2 skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe PE_Patch.UPX: infected - 2 skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513993.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\change.log Object is locked skipped
Scan process completed.
-
Sometimes these games come bundled with adware. If you keep downloading them the way you have, you're going to keep infecting yourself. Even though your HJT log looks clean, I would like you to run these two scans to be sure all is well.
First go into your ESET virus program to the Quarantine folder and remove it all.
This won't take long
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
This should not take longer than an hour
Please download and install AVG Anti-Spyware Free to your desktop.
- Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the setup program.
- Once the setup is complete you will need to run AVG and update the definition files.
- On the main screen select the icon Update then select the Update now link.
- Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this
- Under Reports
- Select Automatically generate report after every scan
- Un-Select Only if threats were found <-- Don't forget this
- Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
- AVG will now begin the scanning process, be patient this may take a little time.
- Once the scan is complete do the following:
- If you have any infections you will be prompted, then select Apply all actions
- Next select the Reports icon at the top.
- Select the Save report as button in the lower left-hand corner of the screen and save it to a text file on your system <-- Don't forget this
- Make sure to remember where you saved that file, this is important, I need to see that log.
- Close AVG Anti-Spyware Free
IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
Post both reports along with a new HJT log, please.
-
SMITFRAUDFIX LOG
SmitFraudFix v2.254
Scan done at 20:08:39.84, 11/26/2007
Run from C:\Documents and Settings\ALEKSANDAR\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ALEKSANDAR
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ALEKSANDAR\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEKSA~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 194.247.192.33
DNS Server Search Order: 194.247.192.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer=194.247.192.33 194.247.192.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer=194.247.192.33 194.247.192.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
AVG LOG
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:57:16 11/26/2007
+ Scan result:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071121-231614-822.inf -> Adware.MediaTickets : Cleaned.
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe -> Downloader.Zlob.aum : Cleaned.
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe -> Downloader.Zlob.aum : Cleaned.
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe -> Downloader.Zlob.aum : Cleaned.
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe -> Downloader.Zlob.aum : Cleaned.
D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe -> Downloader.Zlob.ava : Cleaned.
C:\Program Files\SHISEN\SHISEN.EXE -> Heuristic.Win32.Dialer : Cleaned.
D:\My Fun\Total Commander v.6.52\tc6Uni_crk.exe -> Logger.Agent : Cleaned.
:mozilla.7:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.131:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.132:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@i12[1].txt -> TrackingCookie.I12 : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@max.i12[2].txt -> TrackingCookie.I12 : Cleaned.
:mozilla.49:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.50:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.77:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.78:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.27:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.90:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.91:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.92:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.94:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.100:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.125:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.126:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.127:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.128:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\ALEKSANDAR\My Documents\Downloads\Water Bugs\PopCap Games DRM Protection Remover 0.1.exe -> Trojan.Small : Cleaned.
C:\Program Files\PopCap Games\Water Bugs\PopCap Games DRM Protection Remover 0.1.exe -> Trojan.Small : Cleaned.
D:\Downloads 2\Water bugs\PopCap Games DRM Protection Remover 0.1.exe -> Trojan.Small : Cleaned.
::Report end
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:44, on 11/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6999 bytes
-
Your log looks fine
Download CCleaner from here to clean temp files from your computer.
- Double click on the file to start the installation of the program.
- Select your language and click OK, then next.
- Read the license agreement and click I Agree.
- Click next to use the default install location. Click Install then finish to complete installation.
- Double click the CCleaner shortcut on the desktop to start the program.
- On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
- If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
- Click on the "Options" icon at the left side of the window, then click on "Advanced."
- Deselect "Only delete files in Windows Temp folders older than 48 hours."
- Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
- Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
- After CCleaner has completed its process, click Exit.
*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
- Your Java is out of date and leaving your system vulnerable.
- Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
- It should have an icon next to it:
Select it and click Remove.
- Reboot your system.
- Then go to the Sun Microsystems and install the update
- Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
- If you chose the online installation, it will prompt you to run the program.
- If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
- Then after install you can verify your installation here Sun Java Verify
I like to do the offline installation and save the setup file in case I may need it in the future.
How are things running now??
-
I have completed everything you said. During installation of the newest version of Java I was informed that for that version I should have Windows SP2, which I don't. Installation was successful, but could I have some problem with this because of the lack of SP2?
Is now the right time to install SP2 since we, hopefully, cleaned all the threats from my computer, or should I do something else before?
My latest HJT log looks like this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:27, on 11/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6964 bytes
-
You're ready for SP2.
Run a cleaner.
Please download ATF Cleaner by Atribune to your desktop.
- This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Go to Start> All Programs> Accessories > System Tools> Defragmenter and select your C: drive and run the tool.
Open IE and go to Tools> Windows Updates and go for it, you can also download it here.
http://www.microsoft.com/windowsxp/sp2/default.mspx
Here are some free programs to install, don't leave home without them
- Spybot Search and Destroy 1.5
Check for Updates/ Immunize and run a Full System Scan on a regular basis.
- Spyware Blaster It will prevent most spyware from ever being installed.
- Spyware Guard It offers realtime protection from spyware installation attempts.
- Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
- IE-Spyad
IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
- Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.
Glad we could help.
Safe Surfn
Ken