tippoff Posted January 28, 2007

...it was the link in msn that i clicked. it was something like 'i hope this isn't you:[link]'. so now my computer:
- keeps sending the link to everyone in my contacts list every time i log onto msn.
- won't let me system restore.
- can't access sites like symantec or online scans
- antivirus program (norton) can't find it
- won't let me uninstall msn
- keeps changing back settings every time i try to view hidden files and folders

help, please?

anyway, here's what i got (ran in safe mode):

rmurphy Posted January 28, 2007

Hi tippoff, welcome to Besttechie! I'm Ryan, and I'll be helping you clean your computer.

You will want to print out a copy of these instructions to follow while you complete this procedure.

1. Please download hosts.zip
- Extract the contents of hosts.zip by doing the following:
  - Right-click on hosts.zip and select Extract All. The Extraction Wizard will open.
  - Click Next, followed by Next again.
  - When it has finished extracting (should take one or two seconds), click on Finish. A folder with the extracted items will open.
- Double-click on mvps.bat to run it. A black box will suddenly open and close; this is normal.
- If any windows open alerting you of a change in your hosts file, please allow them; this is expected.

Note: If you have added any custom entries to your HOSTS file, you will need to add them again.

2. Please download MsnVirRem.exe to your desktop from one of the following mirrors: Mirror 1, Mirror 2, Mirror 3
- First close any other programs you have running, as this will require a reboot
- Double-click MsnVirRem.exe to run it
- Once open, click the button labelled "Search and Destroy" <<Your computer will now be scanned for Infected Files>>
- When scanning is finished you will be prompted to reboot only if infected. Click OK
- Now click the "REBOOT" button.
- After the reboot, you WILL receive file not found errors (usually 4); please acknowledge them and continue.
- A message should pop up from MsnVirRem; if not, double-click the program again and it will finish

3. Please download SmitfraudFix (by S!Ri)
- Extract the content (a folder named SmitfraudFix) to your Desktop.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd
- Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
- Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

In your next reply, please post the SmitFraudFix report, the report from MsnVirRem (found at C:\msnvirrem.log), and a new HiJackThis log.

-Ryan

tippoff Posted January 28, 2007 Author

SmitFraud report:

MsnVirRem report:

New HiJackThis log:

rmurphy Posted January 28, 2007

OK, it looks like it took care of the MSN issue, but there are still a few things left to do.

You will want to print out a copy of these instructions to follow while you complete this procedure.

1. Please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
- The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
- A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
- The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

2. Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files; click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer; click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please post the contents of the SmitFraudFix report, the results of vundoFix (found at C:\vundofix.txt) and a new HiJackThis log.

-Ryan

tippoff Posted January 28, 2007 Author

SmitFraudFix report:

vundoFix results:

New HiJackThis Log:

rmurphy Posted January 28, 2007

Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.

Then:
- Open the extracted SDFix folder and double-click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
- Press any key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log

-Ryan

tippoff Posted January 28, 2007

Report.txt:

SDFix: Version 1.63
Sat 01/27/2007 - 23:36:17.84
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\janine\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\janine\Start Menu\Programs\Startup\winlogon.lnk - Deleted
C:\WINDOWS\system32\NeroCheck.exe - Deleted

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\janine\Desktop\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\ntdetect.com
C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
C:\WINDOWS\SYSTEM32\logonui.exe.manifest
C:\WINDOWS\SYSTEM32\qobizxnts\winlogon.exe
C:\IO.SYS
C:\MSDOS.SYS
C:\WINDOWS\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SYSTEM32\vwisnrcn.tmp

Finished

New HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:45:49 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...mp;N=EM&O=I
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\WINDOWS\system32\fccaw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MsnVirRem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccaw - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
rmurphy Posted January 28, 2007

1. Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: fccaw - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)

Close all open windows except for HiJack This and click fix checked.
Reboot your computer.

2. Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

If you would please rescan with HijackThis and post a fresh log, along with the results from the Panda ActiveScan in this same topic, and let us know how your system's working.

-Ryan
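Added example, not part of the thread and not rmurphy's own method: a small Python triage of HijackThis log lines. The rule is an assumption chosen for illustration (flag O2/O20 entries whose file is missing or whose path stops at a directory, and discount a "(file missing)" tag when the same executable is listed under Running processes); the sample lines are copied from the log posted above and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C4F57F2-7633-42E3-8D33-529F0491ABFC} - C:\WINDOWS\system32\fccaw.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: fccaw - C:\WINDOWS\system32\fccaw.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winpcn32 - winpcn32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O20 - Winlogon Notify: ..."
MISSING_TAG = "(file missing)"
AUTOLOAD = {"O2", "O20"}  # BHOs and Winlogon Notify DLLs (assumed rule, see lead-in)


def parse_log(text):
    """Return (set of lower-cased running process paths, list of (code, body))."""
    processes, entries = set(), []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.add(line.lower())
    return processes, entries


def target(body):
    """Path field of an entry: text after the last ' - ', minus tag, quotes, arguments."""
    field = body.rsplit(" - ", 1)[-1].replace(MISSING_TAG, "").strip()
    return field.lstrip('"').split('"')[0].strip()


def triage(text):
    """Classify entries as 'fix', 'keep' or 'note'; untagged, well-formed entries are skipped."""
    processes, entries = parse_log(text)
    results = []
    for code, body in entries:
        path = target(body)
        missing = MISSING_TAG in body
        dangling = path.endswith("\\")  # path stops at a directory, no file named
        if missing and path.lower() in processes:
            verdict = "keep"  # tag contradicted: the executable is running
        elif code in AUTOLOAD and (missing or dangling):
            verdict = "fix"   # orphaned autoload entry
        elif missing:
            verdict = "note"  # stale reference outside the autoload sections
        else:
            continue
        results.append((verdict, code, body))
    return results


if __name__ == "__main__":
    for verdict, code, body in triage(SAMPLE_LOG):
        print(f"{verdict:4}  {code} - {body}")
```
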
tippoff Posted January 28, 2007

My system's working fine now, thanks!

New HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:39:08 AM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\SOL.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...mp;N=EM&O=I
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MsnVirRem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Panda ActiveScan Results:

Incident   Status   Location
Spyware:Cookie/FastClick   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/Atlas DMT   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Traffic Marketplace   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Traffic Marketplace   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Overture   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.overture.com/]
Spyware:Cookie/WebtrendsLive   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Tribalfusion   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Advertising   Not disinfected   C:\Documents and Settings\enterprise\Application Data\Mozilla\Firefox\Profiles\5ze3aggt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner   Not disinfected   C:\Documents and Settings\enterprise\Cookies\enterprise@drivecleaner[2].txt
Spyware:Cookie/Screensavers   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][1].txt
Spyware:Cookie/888   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][1].txt
Spyware:Cookie/Cassava   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][1].txt
Spyware:Cookie/Reliablestats   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus   Not disinfected   C:\Documents and Settings\enterprise\Cookies\enterprise@winantivirus[2].txt
Spyware:Cookie/myaffiliateprogram   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus   Not disinfected   C:\Documents and Settings\enterprise\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atlas DMT   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Doubleclick   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/BurstNet   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/2o7   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.2o7.net/]
Spyware:Cookie/AdDynamix   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Tribalfusion   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Hitbox   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/FastClick   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/RealMedia   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/WebtrendsLive   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Toplist   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/GoStats   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Com.com   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.zedo.com/]
Spyware:Cookie/QuestionMarket   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.atwola.com/]
Spyware:Cookie/PointRoll   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Xiti   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adrevolver   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Statcounter   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Overture   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.overture.com/]
Spyware:Cookie/Clickbank   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Adtech   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Bridgetrack   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/bravenetA   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Serving-sys   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/888   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.888.com/]
Spyware:Cookie/Serving-sys   Not disinfected   C:\Documents and Settings\janine\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/YieldManager   Not disinfected   C:\Documents and Settings\janine\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp   Not disinfected   C:\Documents and Settings\janine\Cookies\janine@azjmp[1].txt
Spyware:Cookie/myaffiliateprogram   Not disinfected   C:\Documents and Settings\janine\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\janine\Desktop\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\janine\Desktop\SDFix.exe[sDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\janine\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\janine\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\janine\Local Settings\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\Cache\633285D9d01[smitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\janine\Local Settings\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\Cache\DD0DBD66d01[C:\Documents and Settings\janine\Local Settings\Application Data\Mozilla\Firefox\Profiles\dlsnnmdw.default\Cache\DD0DBD66d01][sDFix\ap
Spyware:Cookie/Doubleclick   Not disinfected   C:\Documents and Settings\Meness\Application Data\Mozilla\Firefox\Profiles\nbu3nc1x.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising   Not disinfected   C:\Documents and Settings\Meness\Application Data\Mozilla\Firefox\Profiles\nbu3nc1x.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT   Not disinfected   C:\Documents and Settings\Meness\Application Data\Mozilla\Firefox\Profiles\nbu3nc1x.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick   Not disinfected   C:\Documents and Settings\Meness\Application Data\Mozilla\Firefox\Profiles\nbu3nc1x.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia   Not disinfected   C:\Documents and Settings\Meness\Application Data\Mozilla\Firefox\Profiles\nbu3nc1x.default\cookies.txt[.casalemedia.com/]
Virus:Trj/Killav.FD   Disinfected   C:\WINDOWS\SYSTEM32\qobizxnts\winlogon.exe
rmurphy Posted January 28, 2007

Congratulations, your log is CLEAN

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's set a new restore point, and clear the old ones:

Step #1 - Create a New Restore Point
Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.

Step #2 - Flush All Previous Points
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
* SpywareBlaster to help prevent spyware from installing in the first place.
* SpywareGuard to catch and block spyware before it can execute.
* IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 2 free ones available for personal use:
* Kerio Personal Firewall
* ZoneAlarm

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly.

And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.
* AVG Anti-Spyware
* SUPERAntiSpyware Home Edition

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan
Besttechie Posted January 29, 2007

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.