SmitFraud.888 and Outerinfo



siggybebop
2007-05-16, 14:10
Hi there,

I've been trying to get rid of this malware for a few days now with no luck. I also have this program Outerinfo installed which I tried to remove through the Control Panel but still get random pop ups.

SpyBot always detects this SmitFraud.888 Toolbar plus other spyware and I get messages from my Ad-Aware about a program named smanager.7.exe trying to change the registry. Here is my latest HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 10:07:53 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimreal.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?aef7b20671d74655be0beba9adcc6204
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?aef7b20671d74655be0beba9adcc6204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://siggy-sparkle.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173496161687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

pskelley
2007-05-18, 15:34
Welcome to Safer Networking. If you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" Mandatory Steps Before Requesting Assistance http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

I will try to help, but I wish to start by asking that you read and follow the above directions. You can hold that online scan unless I request it.

Some information for you: SmitFraud.888 Toolbar is a false positive, see this:
http://forums.spybot.info/showthread.php?t=8668

Outerinfo is some really nasty adware associated with PurityScan. It has to go, if you can't uninstall it, try this uninstaller:
UNINSTALLER
http://www.outerinfo.com/OiUninstaller.exe
TUTORIAL
http://www.outerinfo.com/howto.html

I would also like a look at your Uninstall list like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Your Java program needs an update; once you have the newest version, uninstall all old versions in Add/Remove Programs.

It is very likely your problem is a Vundo infection which is a challenge to remove, return here:
C:\Program Files\Hijackthis\HijackThis.exe <<< and rename the HJT.exe, call it siggybebop.exe or whatever you wish. After a reboot we will probably see Vundo if it is present.

smanager.7.exe <<< this item is normally showing in the log? and it is dangerous, see this:
http://fileinfo.prevx.com/fileinfo.asp?PXC=e1ca93053549
Search for that file and delete it, you will probably need all files and folders enabled:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Some spyware program has probably removed part of it, and left enough to cause the error?

Restart the computer and post any information I requested, any error message word for word, some information about where the popups are directing you, the uninstall list and a new HJT log.

Thanks

siggybebop
2007-05-20, 09:21
Hi - I think I have done everything as you have asked. I was also getting messages before that AVG Anti-Spyware was detecting Virtumonde or something but after I ran the Prevx it hasn't come as yet. I will check again at my next restart. I wasn't able to remove the older versions of Java using the Add/Remove programs but I have installed the new versions.

Here is my uninstall list:

µTorrent
AC3Filter (remove only)
Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8
Adobe Shockwave Player
Adobe Stock Photos 1.0
AEVITA Save Flash version 1.5
Apple Software Update
Australian Law Courseware
AVG Anti-Spyware 7.5
Bejeweled for Pocket PC
CCleaner (remove only)
EndNote
Free WMA to MP3 Converter 1.16
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
ICQ 5.1
InCD EasyWrite Reader
Ipswitch WS_FTP Professional 2007
ISI ResearchSoft - Export Helper
iTunes
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Runtime Environment 6 Update 1
LimeWire PRO 4.12.10
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magic ISO Maker v5.4 (build 0239)
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
Nero OEM
Nero Suite
NeroVision Express 2 Content
NETGEAR WG311v2 802.11g Wireless PCI Adapter
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
Panda Antivirus 2007
Popup Blocker (Windows Live Toolbar)
Prevx1
PrimoPDF
PrimoPDF Redistribution Package
QuickTime
RealPlayer
Smart Menus (Windows Live Toolbar)
SoundMAX
Spybot - Search & Destroy 1.4
Tabbed Browsing (Windows Live Toolbar)
The Core Media Player 4.0
VideoLAN VLC media player 0.8.6a
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Service Pack 2
WinRAR archiver

and my new Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 5:20:50 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18EFAB42-6BFE-300F-F23C-6CE34CE5FCCC} - C:\WINDOWS\system32\iuiext.dll (file missing)
O2 - BHO: (no name) - {2A6F8842-B4F8-4C17-AA74-3B046DA5A6Fb} - C:\WINDOWS\system32\iegaobba.dll (file missing)
O2 - BHO: (no name) - {2B9A3E19-9D10-41B1-BB0C-1FC792F5483C} - (no file)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\oygvmens.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?aef7b20671d74655be0beba9adcc6204
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?aef7b20671d74655be0beba9adcc6204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://siggy-sparkle.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173496161687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vtuurst - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



Please tell me if there is anything else I should do. I really appreciate your time and effort. I haven't received any other pop ups or error messages but will post them as soon as I do get them. Thanks :)

pskelley
2007-05-20, 14:08
G'Day and thanks for returning your information and the feedback, I can see the Vundo infection now...did you rename HJT? I expected this:
C:\Program Files\Hijackthis\HijackThis.exe to look like this C:\Program Files\Hijackthis\siggybebop.exe

I also see Prevx running in this new log and you may be running very slow with both AVG Anti-Spyware and Prevx running at the same time. I would appreciate it if you would not download any programs I do not request. While I do use Prevx at times, not for this infection, and I may ask that you uninstall it shortly (unless you purchased it).

You may have killed the major infection, I will clean what I see, and see what happens.
1) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

2) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

3) Prevx: Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose Show Management Console..
On the Management Console click the Protection Level drop-down menu. You will see three levels:
Maximum
Off
User Defined

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {18EFAB42-6BFE-300F-F23C-6CE34CE5FCCC} - C:\WINDOWS\system32\iuiext.dll (file missing)
O2 - BHO: (no name) - {2A6F8842-B4F8-4C17-AA74-3B046DA5A6Fb} - C:\WINDOWS\system32\iegaobba.dll (file missing)
O2 - BHO: (no name) - {2B9A3E19-9D10-41B1-BB0C-1FC792F5483C} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\oygvmens.dll
O2 - BHO: (no name) - {B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} - (no file)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vtuurst - C:\WINDOWS\
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

6) Use the instructions in the link to run AVG Anti-Spyware, delete or quarantine anything it finds and post the scan report.
http://forums.security-central.us/showthread.php?t=3165

Post that scan report and a new HJT log and let me know how the computer is running.

Cheers

Your uninstall list looks OK, stuff I would not run but it is your computer. Take a look for programs you no longer use. Since I know how Prevx slows a computer having tested it before, I will suggest, unless you purchased it or intend to, that you uninstall it.
Do you own AVG Anti-Spyware or is it a trial?
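As an added example (written for this archived thread; it is not part of HijackThis, nor anything pskelley posted), the script below encodes the pattern being read in the second log above: O2 BHO lines that are registered but point at a DLL that is "(file missing)" or "(no file)", an unnamed BHO loaded from system32 (oygvmens.dll, the one entry in the fix list whose file is still present), and O20 Winlogon Notify entries that name a bare directory or a missing DLL instead of a real notification package. The sample lines are copied from that log; the triage rules themselves are the editor's heuristics (an assumption, not a HijackThis feature), and a hit is a reason to check the file's properties or hash before fixing the line, not proof of infection. Run against the sample it returns exactly the eight lines pskelley asked to have fixed, and nothing else (avldr.dll and WgaLogon.dll are left alone because they are real DLLs with names).

```python
"""Triage HijackThis O2 (BHO) and O20 (Winlogon Notify) lines for Vundo-style residue.

Added example for this thread; not part of HijackThis or of the helper's instructions.
The rules are the editor's heuristics (assumption); treat a hit as "verify this file".
"""
import re

# Lines excerpted from the second HijackThis log posted in the thread (O2 and O20 sections).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18EFAB42-6BFE-300F-F23C-6CE34CE5FCCC} - C:\WINDOWS\system32\iuiext.dll (file missing)
O2 - BHO: (no name) - {2A6F8842-B4F8-4C17-AA74-3B046DA5A6Fb} - C:\WINDOWS\system32\iegaobba.dll (file missing)
O2 - BHO: (no name) - {2B9A3E19-9D10-41B1-BB0C-1FC792F5483C} - (no file)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\oygvmens.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\
O20 - Winlogon Notify: vtuurst - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
"""

# "O2 - BHO: <name> - {CLSID} - <path>"  and  "O20 - Winlogon Notify: <name> - <path>"
LINE_RE = re.compile(
    r"^(?P<section>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.*?) - "
    r"(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\} - )?(?P<path>.*)$"
)

SYSTEM32 = "\\windows\\system32\\"


def triage_o2(name: str, path: str) -> list[str]:
    """Heuristics for a Browser Helper Object line (editor's assumptions)."""
    reasons = []
    p = path.lower()
    # The CLSID is still registered but the DLL is gone: typical leftover after a
    # scanner deleted the file and left the registry entry behind.
    if p.endswith("(file missing)") or p == "(no file)":
        reasons.append("BHO registered but its DLL is missing")
    # An unnamed BHO dropped straight into system32 is the Vundo pattern; a
    # legitimate unnamed BHO there would be a false positive, so verify the file.
    if name == "(no name)" and SYSTEM32 in p:
        reasons.append("unnamed BHO loaded from system32")
    return reasons


def triage_o20(name: str, path: str) -> list[str]:
    """Heuristics for a Winlogon Notify line (editor's assumptions)."""
    reasons = []
    p = path.lower()
    if p.endswith("(file missing)"):
        reasons.append("Winlogon Notify DLL missing, registry key remains")
    elif not p.endswith(".dll"):
        # A real notification package is a DLL; "C:\WINDOWS\" alone is residue.
        reasons.append("Winlogon Notify entry names a directory, not a DLL")
    return reasons


def triage(log_text: str) -> list[dict]:
    """Return one record per suspicious O2/O20 line, with the reasons it was flagged."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an O2/O20 line
        section, name, clsid, path = m.group("section", "name", "clsid", "path")
        reasons = triage_o2(name, path) if section == "O2" else triage_o20(name, path)
        if reasons:
            hits.append({"section": section, "name": name, "clsid": clsid,
                         "path": path, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        ident = hit["clsid"] or hit["name"]
        print(f'{hit["section"]:<4} {ident:<40} {"; ".join(hit["reasons"])}')
```

The two O2 rules are deliberately independent: the "(file missing)" rule catches the entries a previous scanner half-removed, while the "(no name) in system32" rule is the only one that catches oygvmens.dll, whose file is still on disk. Extending the same directory check to O20 would wrongly flag avldr.dll (AVG Anti-Spyware's notification DLL), which is why O20 only looks at whether the path is a DLL at all.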

tashi
2007-05-26, 07:34
This topic has been archived due to lack of a response.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

tashi
2007-05-27, 05:46
Re-opened upon request. :)

siggybebop
2007-05-28, 01:42
Hi there - I have done as required hopefully. The AVG Anti-Spyware is the trial version only.

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:54 AM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimreal.exe
C:\Program Files\Hijackthis\siggybebop.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?aef7b20671d74655be0beba9adcc6204
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?aef7b20671d74655be0beba9adcc6204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://siggy-sparkle.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173496161687
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



The AVG Anti-Spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:41:28 AM 5/28/2007

+ Scan result:



:mozilla.112:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.44:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.108:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.109:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.110:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.111:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.202:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.203:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.204:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.205:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.206:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.207:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.208:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.209:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.397:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.156:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.98:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.113:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.114:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.51:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.53:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.70:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Live : Cleaned.
:mozilla.72:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Live : Cleaned.
:mozilla.107:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.281:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.282:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.301:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.302:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.303:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.304:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.380:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.381:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.382:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies-831.txt -> TrackingCookie.Starware : Cleaned.


::Report end

I have also uninstalled Prevx and have run ATF-Cleaner as well...
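
An added example, not part of this thread and not code from HijackThis or any of the tools named in it: a small Python parser for the HJT log format shown above. It splits each O-line into section (O4, O20, O23...), location, display name and file path, records the "(file missing)" marker HJT appends to orphaned entries, and pulls the actual image path out of a command line (quoted paths, rundll32 arguments). The sample input is a handful of lines copied from the log above; the function and field names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread
# (a handful only, chosen to cover the O4, O9, O20 and O23 line shapes).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


@dataclass
class HjtEntry:
    section: str           # "O4", "O20", "O23", ...
    kind: str              # text between "Onn - " and the first colon, e.g. "HKLM\..\Run"
    name: str              # Run value name, .lnk name, Notify key or service display name
    path: str              # path / command line exactly as HJT printed it
    file_missing: bool     # HJT appended "(file missing)"
    clsid: Optional[str]   # {GUID} for O9-style lines, else None


LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<path>.*)$")        # O4 registry Run values
STARTUP_RE = re.compile(r"^(?P<name>.+?\.lnk) = (?P<path>.*)$")    # O4 Startup folder shortcuts
# First drive-letter path ending in .exe/.dll; an opening quote must be closed after the extension.
IMAGE_RE = re.compile(r'("?)([A-Za-z]:\\[^"]*?\.(?:exe|dll))\1', re.IGNORECASE)
MISSING = "(file missing)"


def parse_line(line: str) -> Optional[HjtEntry]:
    """Turn one HJT 'Onn - kind: rest' line into an HjtEntry, or None for non-O lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0) if clsid_m else None

    if section == "O4":
        rm = RUN_RE.match(rest) or STARTUP_RE.match(rest)
        if rm:
            return HjtEntry(section, kind, rm["name"], rm["path"], missing, None)
        return HjtEntry(section, kind, "", rest, missing, None)

    # O9, O20, O23 and most other sections separate fields with " - ";
    # the first field is the display name, the last is the file path.
    fields = rest.split(" - ")
    path = fields[-1] if len(fields) > 1 else ""
    return HjtEntry(section, kind, fields[0], path, missing, clsid)


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def by_section(entries: List[HjtEntry], section: str) -> List[HjtEntry]:
    return [e for e in entries if e.section == section]


def missing_files(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose binary HJT could not find on disk (orphaned autostarts/services)."""
    return [e for e in entries if e.file_missing]


def image_path(entry: HjtEntry) -> Optional[str]:
    """The .exe/.dll an entry really loads: strips quotes and trailing arguments, and for a
    'RUNDLL32.EXE C:\\...\\x.dll,Entry' command line returns the DLL, not rundll32."""
    found = IMAGE_RE.findall(entry.path)
    return found[0][1] if found else None


def summarize(entries: List[HjtEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flag = "  <-- file missing" if e.file_missing else ""
        print(f"{e.section:4} {e.kind:24} {e.name!r:52} {image_path(e)}{flag}")
```

Nothing here decides what is or is not malware; that judgement still comes from reading the log, which is what the helper does in the reply below. The parser only makes the list queryable, so you can pull every O20 Winlogon Notify DLL (those load inside winlogon.exe) or every service whose binary is gone before deciding what to fix.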

siggybebop
2007-05-28, 09:06
I also forgot to mention: my internet seems to be really slow. I have a wireless connection that is encrypted, all my other computers are running fine, and I haven't gone over my cap either. When I run AVG Anti-Spyware and then ATF-Cleaner and restart, it works fine, but after a while I can't even open the browser, even when it is showing in the Task Manager. I just ran another AVG Anti-Spyware scan, and it found quite a bit more than in the morning. Here is the report:



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:56:15 PM 5/28/2007

+ Scan result:



C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP68\A0030920.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP76\A0047258.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0026741.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0026742.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0029832.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0029833.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP72\A0035064.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP72\A0035065.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP78\A0054318.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP61\A0022613_exe.vir -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP60\A0022559.exe -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP72\A0033007.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP72\A0033022.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP72\A0033024.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0026807_exe.vir -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0030839.exe -> Downloader.PurityScan.eg : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0030843.exe -> Downloader.PurityScan.eg : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP65\A0024736.exe -> Downloader.PurityScan.ej : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0026740.exe -> Downloader.PurityScan.ej : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP66\A0030820.exe -> Downloader.PurityScan.ej : Cleaned.
C:\System Volume Information\_restore{B7ACD6C2-137D-4AD8-90C0-E20AC6C13283}\RP76\A0047257.exe -> Downloader.PurityScan.ej : Cleaned.
C:\Program Files\WinRAR\WinRAR.Patch.rar/winrar.3.xx.generic.patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned.
C:\Program Files\WinRAR\winrar.3.xx.generic.patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned.
:mozilla.27:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.29:C:\Documents and Settings\Sugandha\Application Data\Mozilla\Firefox\Profiles\ga8a00ng.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.


::Report end

pskelley
2007-05-28, 14:55
Sorry, I did not get my notification when you posted as I should have :sad:

Looks like you removed Prevx, which was a wise choice; it slowed my computer a lot even just during the trial.
AVG Anti-Spyware will also slow you down. I suggest that you turn it off; you can keep the scanner and free updates if you wish, but it uses resources and gives nothing for them after the trial period.

You are going to need at least one good Anti-Spyware program. After you read the links from experts that I am going to post, if you have not decided, then try this free one:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Remember to run only one antivirus program and one firewall.

I suggest you get with your Internet Service Provider about the slow internet. Malware may have changed some of the settings, and they would be the folks who could help you with that.
You may also get help here: http://pcpitstop.com/internet/default.asp

The HJT log looks to be clean of malware. Here is some information to help control Firefox cookies:
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

Your System Restore files are corrupted, so do this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot, then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program, but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

siggybebop
2007-05-29, 01:29
Hi - thanks very much for all your help :) It does seem to be running much better now and hopefully it will stay like that :)

Thanks again

pskelley
2007-06-08, 01:10
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks