virusburst removal help



daneh
2006-11-05, 01:08
Could someone please look at these attachments to see if I have successfully removed this wonderful malware? I didn't get to save the online scan; I hope it isn't extremely important. As this is the absolute first time I have ever posted on a forum, I am going to try to paste the logs.

SmitFraudFix v2.118

Scan done at 20:20:06.74, Fri 11/03/2006
Run from C:\Documents and Settings\Bob Anderson\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

[HKEY_CLASSES_ROOT\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32]
@="C:\WINDOWS\System32\rrtcany.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32]
@="C:\WINDOWS\System32\rrtcany.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\rrtcany.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\iVideoCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:04:49 PM 11/3/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Ignored.
C:\Documents and Settings\Bob Anderson\Local Settings\Temporary Internet Files\Content.IE5\3XB9K0QD\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
:mozilla.19:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.40:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.89:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.27:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.98:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.62:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.183:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.184:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.185:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.132:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.15:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.16:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.17:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.285:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.286:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.292:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.100:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.102:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.103:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.104:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.105:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.250:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.68:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.305:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.307:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.308:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.317:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Bob Anderson\Cookies\bob anderson@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.150:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.137:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.138:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.139:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.140:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.148:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.155:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.159:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.162:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.75:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.76:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.77:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.78:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.82:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Bob Anderson\Cookies\bob anderson@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.151:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.152:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.153:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.154:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.165:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.166:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.167:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.168:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.169:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.22:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.24:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.227:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.228:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.229:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.230:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.231:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.265:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.266:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.267:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.186:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.192:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.193:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.202:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\LocalService\Cookies\bob anderson@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.10:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.10:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.198:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.199:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.200:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.201:C:\Documents and Settings\Bob Anderson\Application Data\Mozilla\Firefox\Profiles\b4pypxd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Ana Anderson\Application Data\Mozilla\Firefox\Profiles\ev9zwo3g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end



So this is the rapport and AVG logs. I'll have to post the HijackThis log in another post.


Thanks for the help. Dwayne

daneh
2006-11-05, 01:10
This is the only way I could find to post the HijackThis log. Hope it is OK.


Logfile of HijackThis v1.99.1
Scan saved at 9:31:09 PM, on 11/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mreis.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mreis.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mreis.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

Thanks, Dwayne

pskelley
2006-11-05, 15:34
Hello Dwayne, welcome to the forum and thanks for returning your information.

These items:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Ignored.
C:\Documents and Settings\Bob Anderson\Local Settings\Temporary Internet Files\Content.IE5\3XB9K0QD\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
are both bad. WinFixer is a rogue spyware product that often comes with the Vundo trojan; let's hope it is not hidden.

You need to either run AVG Anti-Spyware again and delete those two items or navigate to them and delete them manually. It may have to be done in Safe Mode?

Looks like SmitFraud is gone. I suggest you remove this resource waster in Add/Remove Programs:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
For your information, Viewpoint is installed by AOL, probably without your knowledge.
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

If the Vundo trojan is present, you should know it, it is a prolific popup maker, usually directing to that Winfixer junk. We can look to see if it is hidden like this:
C:\Program Files\Hijackthis\HijackThis.exe <<< return here and right click the .exe then rename it to daneh.exe or whatever you wish. The next log should show the trojan if it is there.

Let's do this:
Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
will block our fix, use the instruction in number three (3) in this link:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/ to turn it off.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(the viewpoint lines should be gone after the uninstall)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a new HJT log, let me know of any issues.

Your Java program is badly out of date; see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
If it has not gotten you infected yet, it is only a matter of time. Update to the newest version, uninstall all old versions and keep that one up to date.
C:\Program Files\Java\j2re1.4.2_03\ <<< out of date

Thanks
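The checks pskelley is doing by eye above (orphaned O2/O3/O9 hooks pointing at missing files, O15 Trusted Zone additions, O16 downloaded ActiveX controls from unfamiliar hosts, and the O20 Winlogon Notify DLL that is worth verifying) can be written down as a small triage script. The following is an added example, not code from this thread, from HijackThis, or from any of the tools named here. The allow-list of scanner download hosts is an assumption made for the example, and the sample log is constructed from entries quoted in the first HJT log above.

```python
"""Triage a HijackThis v1.99 log for the entry classes discussed in this thread.

Added example, not code from the thread or from HijackThis itself. The rules are
heuristics: they surface lines worth a human look, they do not prove infection.
"""
import re
from urllib.parse import urlparse

# Assumption for this example: online-scanner and Flash download hosts the
# user deliberately visited; any other O16 download host is flagged for review.
DPF_ALLOWED_HOSTS = {
    "housecall60.trendmicro.com",
    "www.pandasoftware.com",
    "download.macromedia.com",
}

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<rest>.*)$")
URL_RE = re.compile(r"https?://\S+")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_line(line):
    """Split one HJT entry into (section, rest); return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("rest")) if m else None


def dpf_host(rest):
    """Hostname an O16 control was downloaded from, or None if no URL is present."""
    m = URL_RE.search(rest)
    return urlparse(m.group(0)).hostname if m else None


def triage(log_text):
    """Return findings as (severity, section, reason, original_line) tuples, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, rest = parsed
        line = raw.strip()
        if section in ("O2", "O3", "O9") and any(m in rest for m in MISSING_MARKERS):
            # The registry still references a BHO/toolbar/button whose file is gone:
            # harmless by itself, but left over from something uninstalled or removed.
            findings.append(("low", section, "orphaned browser hook, file missing", line))
        elif section == "O15":
            # Trusted Zone entries run that site's content under relaxed IE settings.
            findings.append(("medium", section, "Trusted Zone addition", line))
        elif section == "O16":
            host = dpf_host(rest)
            if host not in DPF_ALLOWED_HOSTS:
                # HJT prints "(Name)" after the CLSID only when the control registered
                # one; a nameless control from an unknown host is the more suspicious case.
                named = re.search(r"\}\s+\(", rest) is not None
                severity = "medium" if named else "high"
                findings.append((severity, section,
                                 f"downloaded ActiveX control from unlisted host {host}", line))
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe: legitimate for graphics
            # drivers, but also a persistence point, so always list them for verification.
            findings.append(("info", section, "Winlogon Notify DLL, verify publisher", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for severity, *_ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Sample input constructed from entries quoted in this thread (first HJT log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

if __name__ == "__main__":
    for severity, section, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section}: {reason}\n         {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the nameless screensavers.com control is the one high finding, the two musicmatch.com Trusted Zone lines and the named Tkweb control are medium, and the HouseCall scanner is silently accepted because its host is on the allow-list. The script only reads the text log; it does not replace the step pskelley describes of renaming HijackThis.exe, which is needed because some Vundo variants hide from a process with that file name.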

daneh
2006-11-06, 00:05
Thanks so much for the help. here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 5:02:19 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hijackthis\daneh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mreis.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mreis.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mreis.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE



Thanks again. Dwayne

pskelley
2006-11-06, 00:12
Hi Dwayne, please do not format your logs; we cannot scan them like that. Open Notepad, click Format, remove the check from in front of "Word Wrap", then post another HJT log, which should be single spaced like the first one you posted. I am not seeing much in the log; please describe any problems you are having.

Thanks

daneh
2006-11-06, 03:20
Here is the reformatted HJT log; sorry for the formatted post.

Logfile of HijackThis v1.99.1
Scan saved at 5:02:19 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hijackthis\daneh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mreis.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mreis.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mreis.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE


I am having no problems at this time, but according to the post from the tech, I needed to post this HJT log to be sure I got all the "stuff". Thanks for all your help.
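To show why pskelley asks for a single-spaced log and what a helper actually pulls out of one, here is an added Python example; it is not code from the thread or from HijackThis. It re-joins entries that Word Wrap split across lines (the problem with the first log above), parses each entry into section code, CLSID, URL and file path, lists the hosts the O16 DPF entries download ActiveX controls from, and flags auto-start entries whose target is missing or outside the usual program directories. The sample log, the `EXAMPLE.exe` Run entry and the `EXPECTED_DIRS` whitelist are constructed assumptions for this example, not findings from the posted logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Every HijackThis entry begins with a section code (R1, O2, O16, O23, ...).
ENTRY_START = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
# Windows paths may contain spaces, so match from the drive letter up to the
# first binary-looking extension instead of stopping at whitespace.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|cab))"?', re.IGNORECASE)

# Sections that describe code the system or browser loads automatically.
AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O23"}
# Assumption for this example: directories an auto-start target is usually under.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed sample log: two entries are word-wrapped the way a Notepad paste
# with Word Wrap on splits them. The HKCU Run entry with EXAMPLE.exe is a
# made-up placeholder, not an indicator from any real infection.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\EXAMPLE.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    url: Optional[str]
    path: Optional[str]


def join_wrapped(text: str) -> List[str]:
    """One string per entry; a non-blank line without a section code is glued
    onto the previous entry, which is exactly what Word Wrap had split off.
    The header and process list before the first entry are dropped."""
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def parse_entry(line: str) -> Optional[Entry]:
    """Split one entry into section, CLSID, URL and file path (any may be absent)."""
    m = ENTRY_START.match(line)
    if not m:
        return None
    body = m.group("body")
    clsid, url, path = CLSID_RE.search(body), URL_RE.search(body), PATH_RE.search(body)
    return Entry(
        section=m.group("section"),
        body=body,
        clsid=clsid.group(0) if clsid else None,
        url=url.group(0) if url else None,
        path=path.group(1) if path else None,
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, join_wrapped(text)) if e is not None]


def needs_review(entry: Entry) -> bool:
    """Flag auto-start entries whose target is missing or outside EXPECTED_DIRS.
    Coarse first pass only: a malicious DLL can sit in System32 just as well as
    in a Temp folder, so a clean result is a starting point for vendor and
    signature checks, not a verdict."""
    if entry.section not in AUTOSTART_SECTIONS:
        return False
    if entry.path is None:
        return True
    return not entry.path.lower().startswith(EXPECTED_DIRS)


def dpf_hosts(entries: List[Entry]) -> List[str]:
    """Hosts the browser has downloaded ActiveX controls (O16 DPF entries) from."""
    return sorted({urlparse(e.url).netloc for e in entries if e.section == "O16" and e.url})


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        flag = "REVIEW" if needs_review(e) else "ok"
        print(f"{flag:6} {e.section:<4} {e.path or e.url or e.body}")
    print("ActiveX download hosts:", ", ".join(dpf_hosts(parsed)))
```

Run as a script it prints one line per entry with `ok` or `REVIEW`, then the DPF hosts; only the constructed Temp-folder Run entry is flagged, and the two wrapped entries come back whole because the join happens on the space Word Wrap broke at.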

pskelley
2006-11-06, 03:28
Thanks and yeah, it is best to do a final check. I still see the out-of-date version of Java and, believe me, this will get you infected. I suggest you update it now and uninstall all old versions in Add/Remove Programs. Your HJT log looks fine otherwise, please follow these instructions:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html

Safe surfing...tashi:) will close your topic in a few days.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

tashi
2006-11-14, 03:35
As the problem appears to be resolved this topic has been archived. :)

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help.