TheTechGuide Forum
General Category => Tech Clinic => Topic started by: ximsocool on June 14, 2006, 11:59:04 PM
-
I tried ewido, Ad-Aware, and AVG but I still have a ton of spyware and it's very annoying.. help!
please..
Logfile of HijackThis v1.99.1
Scan saved at 12:57:55 AM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\55621488.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\de9c34c3.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\RACLE~1\mshta.exe
C:\WINDOWS\system32\?ecurity\m?iexec.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4136001&ctry=00000409&os=5&src=1
R3 - URLSearchHook: (no name) - {578E5105-BBEE-E049-C89B-93FC5A80E6C4} - C:\WINDOWS\system32\vokp.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {578E5105-BBEE-E049-C89B-93FC5A80E6C4} - C:\WINDOWS\system32\vokp.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [55621488.exe] C:\WINDOWS\system32\55621488.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [de9c34c3.exe] C:\WINDOWS\system32\de9c34c3.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [55621488.exe] C:\Documents and Settings\Patrick\Local Settings\Application Data\55621488.exe
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\COMMON~1\RACLE~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Drg] C:\WINDOWS\system32\?ecurity\m?iexec.exe
O4 - HKCU\..\Run: [de9c34c3.exe] C:\Documents and Settings\Patrick\Local Settings\Application Data\de9c34c3.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: pushow92.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
-
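A small triage pass over HijackThis entries like the ones in the log above, added here as an example (it is not code from the thread, from HijackThis or from SmitfraudFix). The rules encode patterns that appear in this log; the reason strings and rule thresholds are my own choices, and the sample lines are copied from the log.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Rules encode patterns visible in the log above: random 8-hex-digit executable
names, '?' inside a path (HJT prints non-ASCII lookalike characters as '?'),
a .tmp file registered as a BHO, a script host such as mshta.exe started from
outside System32, and O20 hooks pointing at unknown or missing DLLs.
Reason strings are this example's own wording, not HJT output.
"""
import ntpath
import re

HJT_ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# First drive-letter path in an entry, quoted or not, ending in a module suffix.
WIN_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp|ocx))\b', re.I)
RANDOM_HEX_EXE = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows")
SCRIPT_HOSTS = {"mshta.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}

# Entries copied from the log above: seven flagged, three benign controls.
SAMPLE_LINES = [
    r"O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Run: [55621488.exe] C:\WINDOWS\system32\55621488.exe",
    r'O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\COMMON~1\RACLE~1\mshta.exe" -vt yazr',
    r"O4 - HKCU\..\Run: [Drg] C:\WINDOWS\system32\?ecurity\m?iexec.exe",
    r"O4 - HKCU\..\Run: [de9c34c3.exe] C:\Documents and Settings\Patrick\Local Settings\Application Data\de9c34c3.exe",
    r"O20 - AppInit_DLLs: pushow92.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)",
]


def first_path(detail):
    """Return the first Windows module/executable path in an entry, or None."""
    m = WIN_PATH.search(detail)
    return m.group(1) if m else None


def triage_line(line):
    """Return the reasons (possibly none) why this HJT line deserves review."""
    reasons = []
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return reasons  # headers, process list, blank lines
    section, detail = m.groups()
    path = first_path(detail)
    if path:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if RANDOM_HEX_EXE.match(name):
            reasons.append("executable with an 8-hex-digit random name")
        if "?" in path:
            reasons.append("non-ASCII (lookalike) character in path")
        if name.endswith(".tmp"):
            reasons.append(".tmp file registered as a loadable module")
        if name in SCRIPT_HOSTS and folder not in SYSTEM_DIRS:
            reasons.append(f"{name} launched from non-system folder {folder}")
    if section == "O20":
        if detail.startswith("AppInit_DLLs:") and detail.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs injects a DLL into every process")
        if "(file missing)" in detail:
            reasons.append("Winlogon Notify hook points to a missing file")
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; clean lines are omitted."""
    return {entry: reasons for entry in lines if (reasons := triage_line(entry))}
```

Entries that are flagged still need a human look (the O20 WgaLogon hook is legitimate Windows code, the mshta one is not); the pass only orders the reading of the log.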
bump
-
Decide which Anti-Virus software you like the best and uninstall the other
I see AVG and Symantec's
Having more than one active AV running background protection can do more harm than good
Causing conflicts with each other and operating system instabilities
Reboot the computer afterwards
Back in Windows
I need to see a couple logs
Please Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Also, Download and unzip to your desktop InstalledPrograms.zip (http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip)
Double click on InstalledPrograms.vbs
If you get a prompt from your Anti-Virus, please ALLOW this script to run
We are just collecting information
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
-
smitfraud--------------------
SmitFraudFix v2.61
Scan done at 23:15:08.93, Thu 06/15/2006
Run from C:\Documents and Settings\Patrick\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\rmzdzx.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrick\Application Data
C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake.com 2.1.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\Patrick\STARTM~1\SpywareQuake.com 2.1.lnk FOUND !
C:\DOCUME~1\Patrick\STARTM~1\Programs\SpywareQuake.com FOUND !
C:\DOCUME~1\Patrick\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrick\FAVORI~1
C:\DOCUME~1\Patrick\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Patrick\Desktop\SpywareQuake.com.lnk FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\SpywareQuake.com\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"
[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\asxbbx.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\asxbbx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"
[HKEY_CLASSES_ROOT\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
installedprograms------------------------------------
INSTALLED SOFTWARE (150) - COMPUTER - 6/15/2006 11:17:15 PM
3ivx D4 4.5.1 (remove only) Ver: 4.5.1
Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat 5.0 Ver: 5.0
Adobe Bridge 1.0 Ver: 001.000.003 Installed: 4/27/2006
Adobe Common File Installer Ver: 1.00.0000 Installed: 4/27/2006
Adobe Help Center 1.0 Ver: 001.000.000 Installed: 4/27/2006
Adobe Photoshop CS2 Ver: 9.0
Adobe Photoshop CS2 Ver: 9.0 Installed: 4/27/2006
Adobe Stock Photos 1.0 Ver: 1.0.5 Installed: 4/27/2006
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
Badder Adder
BigFix
CC_ccStart Ver: 2.0.0.635 Installed: 1/4/2003
ccCommon Ver: 2.0.0.635 Installed: 1/4/2003
CleanUp!
CompuServe
ewido anti-malware
Google Earth Ver: 3.0.0762 Installed: 5/17/2006
Guitar Pro 5.0
HijackThis 1.99.1 Ver: 1.99.1
ICQ
Indeo® XP Software
IOI Multimedia Card Reader Ver: 1.03 Installed: 1/4/2003
IOI Multimedia Card Reader Ver: 1.03 Installed: 1/4/2003
iTunes Ver: 6.0.4.2 Installed: 6/9/2006
iTunes Ver: 6.0.4.2 Installed: 6/9/2006
J2SE Runtime Environment 5.0 Update 3 Ver: 1.5.0.30 Installed: 4/24/2006
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 4/25/2006
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Learn2 Player (Uninstall Only)
Lexmark Photo Center Ver: 1.05 Installed: 4/14/2006
Lexmark Photo Center Ver: 1.05 Installed: 4/14/2006
Lexmark Z700-P700 Series
LimeWire PRO 4.10.9 Ver: 4.10.9
LiveReg (Symantec Corporation) Ver: 2.4.2.2295
LiveUpdate 1.90 (Symantec Corporation) Ver: 1.90.14.0
Macromedia Dreamweaver 8 Ver: 8.0.0.2734 Installed: 4/30/2006
Macromedia Extension Manager Ver: 1.7.240 Installed: 4/30/2006
Macromedia Fireworks 8 Ver: 8.0.0.777 Installed: 4/30/2006
Macromedia Flash 8 Ver: 8.00.0000 Installed: 4/30/2006
Macromedia Flash 8 Video Encoder Ver: 1.00.0000 Installed: 4/30/2006
Macromedia Flash Player 8 Ver: 8
Macromedia Flash Player 8 Ver: 8.0.22.0 Installed: 4/30/2006
Macromedia Flash Player 8 Plugin Ver: 8.0.22.0 Installed: 4/30/2006
Macromedia FreeHand 10 Ver: 10
Macromedia Shockwave Player Ver: 10.1.0.11
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Ver: 2.0.50727 Installed: 5/1/2006
Microsoft Data Access Components KB870669
Microsoft Money 2003 Ver: 11.0.50 Installed: 1/4/2003
Microsoft Money 2003 System Pack Ver: 11.0.80 Installed: 1/4/2003
Microsoft MSDN 2005 Express Edition - ENU
Microsoft MSDN 2005 Express Edition - ENU Ver: 1.16.50727.42 Installed: 5/1/2006
Microsoft Office PowerPoint Viewer 2003 Ver: 11.0.6458.0 Installed: 4/19/2006
Microsoft Platform SDK (3790.1830) Ver: 5.2.3790.1830 Installed: 5/4/2006
Microsoft Platform SDK (R2) (3790.2075) Ver: 5.2.3790.2075 Installed: 5/2/2006
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Ver: 9.00.1399.06 Installed: 5/1/2006
Microsoft SQL Server 2005 Tools Express Edition Ver: 9.00.1399.06 Installed: 5/1/2006
Microsoft SQL Server Native Client Ver: 9.00.1399.06 Installed: 5/1/2006
Microsoft SQL Server Setup Support Files (English) Ver: 9.00.1399.06 Installed: 5/1/2006
Microsoft SQL Server VSS Writer Ver: 9.00.1399.06 Installed: 5/1/2006
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Ver: 8.0.50727.42 Installed: 5/1/2006
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Ver: 8.0.50727.42 Installed: 5/2/2006
Microsoft Works 6.0 Ver: 06.00.1829 Installed: 1/4/2003
Mozilla Firefox (1.5.0.4) Ver: 1.5.0.4 (en-US)
MSN Music Assistant
MSRedist Ver: 1.0.0.0 Installed: 1/4/2003
MSXML 6.0 Parser Ver: 6.00.3883.8 Installed: 5/1/2006
Multimedia Keyboard Driver
Netscape 6 (6.2.1)
Norton AntiVirus 2004 Ver: 10.00.00 Installed: 1/4/2003
Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.00
Norton AntiVirus Parent MSI Ver: 10.0.0 Installed: 1/4/2003
Norton WMI Update Ver: 2005.1.2.20 Installed: 5/11/2006
NVIDIA Display Driver
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
PowerDVD
QuickTime Ver: 7.1 Installed: 6/9/2006
QuickTime Ver: 7.1 Installed: 6/9/2006
RealPlayer Basic
Ricochet Lost Worlds
Security Update for Windows Media Player (KB911564) Installed: 4/23/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 4/24/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB896422) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB896423) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB899587) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB899588) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB902400) Ver: 1 Installed: 4/14/2006
Security Update for Windows XP (KB904706) Ver: 2 Installed: 4/22/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 4/22/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 4/23/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 5/12/2006
Shareaza version 2.2.1.0 Ver: 2.2.1.0
Shockwave Director 10.1.1
SoftV92 Data Fax Modem with SmartCP
SpywareQuake.com 2.1 Ver: 2.1
Symantec Network Drivers Update Ver: 5.5.1.6 Installed: 5/1/2006
Symantec Script Blocking Installer Ver: 1.0.0 Installed: 1/4/2003
SymNet Ver: 4.7.1 Installed: 1/4/2003
Update for Windows XP (KB898461) Ver: 1 Installed: 4/19/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 4/25/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 4/23/2006
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP Ver: 9.50.6513 Installed: 1/4/2003
WinAce Archiver Ver: 2.61
Winamp (remove only)
Windows Backup Utility Ver: 5.1 Installed: 1/4/2003
Windows Genuine Advantage Notifications (KB905474) Ver: 1.5.0526.0 Installed: 5/28/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0 Ver: 2.0.0000 Installed: 1/4/2003
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890859 Ver: 1 Installed: 4/23/2006
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Service Pack 2 Ver: 20040803.231319
-
Can you do the following
==Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" UNCHECK
"Install background guard"
"Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
Access your add/remove programs and remove all the following
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
The above are all old versions or updates of Java, we will update this in a bit
Finally remove
SpywareQuake.com 2.1
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
CleanUp! may prompt to run in Demo mode the first time it is run; decline, we actually want to run the cleanup portion
When it's done>>Click Close
DECLINE to Log off or Restart the computer
==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt
If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode
==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted
Reboot back to Normal mode
Let's update Java
Go to the following link
http://www.java.com/en/download/manual.jsp
Download and save to desktop the Windows OFFLINE installation
Double click on the installer and follow the prompts to install the latest version of Java
Once installed you can delete the installer saved to desktop
Post back the following:
1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
3. Post the contents of the log from Smitfraudfix located here>>C:\Rapport.txt