seksuell Posted May 6, 2006 Report Share Posted May 6, 2006 -------------------------------------------------------------------------Active Scan PandaIncident Status LocationSpyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hna71yx.default\coo kies-1.txt[.adopt.hbmediapro.com/]Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\8hna71yx.default\Cac he\633285D9d01[smitfraudFix/Process.exe]Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SmitfraudFix\SmitfraudFix\Process.exePotentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SmitfraudFix.zip[smitfraudFix/Process.exe]Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SmitRem\smitRem\Process.exeAdware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\regperf.exe---------------------------------------------------------ewido anti-malware - Scan report---------------------------------------------------------+ Created on: 20:48:14, 05.05.2006+ Report-Checksum: 6CCE0E1F+ Scan result:No infected objects found.::Report End-----------------------------------------------------------------------SmitFraudFix v2.39Scan done at 18:47:31,55, 05.05.2006Run from C:\Program Files\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Killing process»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected filesC:\WINDOWS\system32\atmclk.exe DeletedC:\WINDOWS\system32\dcomcfg.exe DeletedC:\WINDOWS\system32\hp????.tmp DeletedC:\WINDOWS\system32\ld????.tmp DeletedC:\WINDOWS\system32\simpole.tlb DeletedC:\WINDOWS\system32\stdole3.tlb DeletedC:\WINDOWS\system32\1024\ Deleted»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files»»»»»»»»»»»»»»»»»»»»»»»» Registry CleaningRegistry Cleaning done.»»»»»»»»»»»»»»»»»»»»»»»» End-------------------------------------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 21:45:31, on 05.05.2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows NT\Accessories\WORDPAD.EXEC:\Program Files\HijackThis.exeO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dllO9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exeO9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exeO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Link to post Share on other sites
rmurphy Posted May 6, 2006 Report Share Posted May 6, 2006 Hi seksuell, welcome to BestTechie. I am currently reviewing your log, and will reply momentarily.-Ryan Link to post Share on other sites
rmurphy Posted May 6, 2006 Report Share Posted May 6, 2006 (edited) We can definitely help you, but first you need to apply Windows XP Service Pack 1a. Without this update, you're wide open to re-infection, which defeats the purpose of getting you clean. So download the Service Pack from the link below, so we don't waste time getting you clean just to become re-infected. Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspxApply the update, reboot, and post a fresh Hijack This log. Edited May 6, 2006 by rmurphy Link to post Share on other sites
seksuell Posted May 6, 2006 Author Report Share Posted May 6, 2006 (edited) Would it help me if I started usin Panda? I see they noticed a few bugs in my system, and I'll guess they would manage to erase them as well???Logfile of HijackThis v1.97.7Scan saved at 02:22:38, on 06.05.2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows NT\Accessories\WORDPAD.EXEC:\Program Files\HijackThis.exeO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dllO9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exeO9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exeO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Edited May 6, 2006 by seksuell Link to post Share on other sites
rmurphy Posted May 6, 2006 Report Share Posted May 6, 2006 The things that the Panda scan found (except for the cookie) were part of the SmitFraudFix. It was picked up because it uses the same compression package as some spyware uses.You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.I noticed you have Party Poker and UltimateBet installed. Poker games and the sites related are a risk and that's where most malware gets installed. Also, in a lot of cases these Poker 'plugins' are also getting installed without you asking for it. If you don't use it, I recommend that you remove it.Go to Start > Control PanelIn Add/Remove Programs, remove Party Poker if you don't use it. If it asks if you want to reboot your computer, select NO. Do the same for UltimateBet.Close Add/Remove Programs.Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.Open HiJack This and scan. When it finishes, put an X in the boxes, only next to these following itemsO9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe <= If you decide to remove UltimateBetO9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe <= If you decide to remove UltimateBetO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll <= If you decide to remove Party PokerO9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll <= If you decide to remove Party PokerClose all open windows except for HiJack This and click fix checked.Delete the following folder C:\Program Files\UltimateBet\Reboot your PC.Can you please go to C:\Program Files\Alwil Software\Avast4\ and tell me if the ashMaiSv.exe file is there?There really isn't much else that can be removed from HiJack This. There are some optional removals that could speed up your computer when it first loads up; let me know if you would like to remove those and I'll tell you what to do.-Ryan Link to post Share on other sites
seksuell Posted May 6, 2006 Author Report Share Posted May 6, 2006 (edited) The ashMaiSv.exe is there....Logfile of HijackThis v1.99.1Scan saved at 19:59:45, on 06.05.2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\HijackThis.exeO4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exeAny tips about getting my pc working faster is greatly apreciated Edited May 6, 2006 by seksuell Link to post Share on other sites
rmurphy Posted May 7, 2006 Report Share Posted May 7, 2006 Sorry for the delay.Download and install Tune Up 2006 TrialClick on Clean up & Repair. Run TuneUp DiskCleaner. Delete all junk files. Afterwords, return to the Main Screen.Click on Clean up & Repair. Run TuneUp RegistryCleaner. Fix all errors. Afterwords, return to the Main Screen.Click on Optimize & Improve. Run TuneUp RegistryDefrag, which will take a few minutes and need a reboot.After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. Now click on Accelerate downloads and Internet surfing to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. In the menu to the left called "Wizards", choose System Advisor. Note some of the advice it tells you.-Ryan Link to post Share on other sites
seksuell Posted May 7, 2006 Author Report Share Posted May 7, 2006 Thanx alot Ryan... You really came through for me... Hopefully I won't come back, so Bye...HJT-resolved Link to post Share on other sites
Matt Posted May 29, 2006 Report Share Posted May 29, 2006 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts