mr.jak3 can i run the avg scanner in normal windows? because in safe mode my screen resolutin goes from 1024x746 to 640x480. and becuaseit does that i cant see what immm clicking in the avg window.. i only end up seeing the middle part of the window and i can resize it either/
ok im done w/ the asked stuff.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:29:23 AM 10/31/2006
+ Scan result:
HKU\S-1-5-21-117609710-492894223-1957994488-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yayaxyw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-117609710-492894223-1957994488-500\Dc1.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n20rw601.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n20rw601.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n20rw601.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n20rw601.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
::Report end
----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:37:30 AM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\Scanner.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
-----------------------------------------------------------------------
SmitFraudFix v2.117
Scan done at 1:14:33.13, Tue 10/31/2006
Run from C:\Documents and Settings\amru\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\amru\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
btw i also wanted to add that my desktop wallpaper disappered, which you siad would happen if the computer was noninfected and i ran option 2/
Hi again, it is looking clean now
How is the computer running ?
You don't seem to a firewall running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.
These are good (free) firewalls:
Please set your desktop again, the removal was part of the cleaning process.
Now you can clean AVG's Quarantine:
- Open AVG Anti-Spyware
- Click Infections
- Click Quarantine tab
- Click Select all
- Click Remove finally
- Close the program
You can remove VundoFix.
Now you can make your hidden files hidden again.
- Go to My Computer
- Select the Tools menu and click Folder Options
- Click the View tab.
- Checkmark the "Display the contents of system folders"
- Under the Hidden files and folders select "Show hidden files and folders"
- Check "Hide protected operating system files"
- Click Apply and then the OK and close My Computer.
=============
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Clear your system restore
This will clear the system restore folders from possible malware that was left behind during the cleaning process.- Use ATF Cleaner
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.- Use Ad-Aware
Download and install Ad-Aware. Update it and scan your computer regularly with it.- Use AVG Anti-Spyware
Update it and scan your computer regularly with it.- Use Spybot S&D
Download and install Spybot S&D. Update it and scan your computer regularly with it.- Install SpywareBlaster
SpywareBlaster will prevent spyware from being installed.- Install MVPS Hosts file
This prevents your computer from connecting to harmful sites.- Use Firefox browser
Firefox is faster, safer and better browser than Internet Explorer.- Keep your systen up-to-date
Visit Windows Update regularly.- Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.- Read this article by TonyKlein
So how did I get infected in the first place?- Stand Up and Be Counted !
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe
yea the stuff is not poping up anymore. thnks a bucnh mr.jak3
sorry to bother you again but since you told me to run adaware, i just ran it and it says it found 2 critical objects? should i be worried?
heres like quarantine log.. i quarantined just incase.
ArchiveData(auto-quarantine- 2006-10-31 13-13-18.bckp)
Referencefile : SE1R129 26.10.2006
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\amru\recent\Desktop.ini
obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[3]=MRU RegReference : S-1-5-21-117609710-492894223-1957994488-1006\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[4]=MRU RegReference : S-1-5-21-117609710-492894223-1957994488-1006\software\microsoft\mediaplayer\player\settings opendir
obj[5]=MRU RegReference : S-1-5-21-117609710-492894223-1957994488-1006\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru value
obj[6]=MRU RegReference : S-1-5-21-117609710-492894223-1957994488-1006\software\microsoft\office\9.0\excel\recent files
obj[7]=MRU RegReference : S-1-5-21-117609710-492894223-1957994488-1006\software\microsoft\windows media\wmsdk\general computername
ADWARE.MYTOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[8]=Regkey : S-1-5-21-117609710-492894223-1957994488-1006\software\microsoft\windows\currentversion\ext\stats\{c004dec2-2623-438e-9ca2-c9043ab28508}
Hi again, you're welcome
Ad-Aware finding seems to be a registry leftover. It has been cleaned now and you don't have to worry about it...
oh ok thnks!
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.
Glad we could help
Posting Permissions
