Author Topic: Please Help!  (Read 270 times)

Offline tictoc

Please Help!
« on: March 15, 2006, 11:15:01 PM »
Have been trying to remove all the spyware on my daughter's computer; have been getting a duf popup! Annoying, to say the least. Have got AVG running, and ewido and adaware; ran all of these in safe mode, and here are the log files. Also ran HijackThis, however can't seem to get rid of the trusted zone sites (I know these shouldn't be there after reading your forums). Just hoping someone could give me a little guidance? Thanks in advance, Chris.


Hijack this log:-

 Logfile of HijackThis v1.99.1
Scan saved at 4:05:04 AM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
E:\Malware\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {C73AA378-FB41-FA71-FA1A-C8D0BCD160F0} - C:\DOCUME~1\Tracey\APPLIC~1\AIMPEA~1\PHONEANTE.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ErrorGuard] C:\RECYCLER\NPROTECT\00018008.Exe
O4 - HKLM\..\Run: [Tfwmcb] C:\Program Files\Whxhwbp\Ppuhg.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [ihcxupmf] C:\WINDOWS\ihcxupmf.exe
O4 - HKLM\..\Run: [pkv] C:\WINDOWS\pkv.exe
O4 - HKLM\..\Run: [rwt] C:\WINDOWS\rwt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IE Runtimes] winis.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\Documents and Settings\Julie\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\Documents and Settings\Julie\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Amok Joy Bike Blah] C:\Documents and Settings\All Users\Application Data\Pingmessamokjoy\linkplus.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [IE Runtimes] winis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/er...FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe



Ewido scan report:-

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         2:27:13 AM, 3/16/2006
 + Report-Checksum:      32E4827D

 + Scan result:

   HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : Error during cleaning
   C:\Documents and Settings\Athlon\Local Settings\Temporary Internet Files\Content.IE5\4VF3YWT5\tb3[1].cab/toolbar.dll -> Adware.WebSearch : Cleaned with backup
   C:\Documents and Settings\Athlon\Local Settings\Temporary Internet Files\Content.IE5\GD2FKHUJ\TBPS[1].cab/TBPS.exe -> Adware.WebSearch : Cleaned with backup
   C:\Documents and Settings\Athlon\Local Settings\Temporary Internet Files\Content.IE5\TGC711WD\newmajorse2[1].cab/newmajorse2.txt -> Adware.WebSearch : Cleaned with backup
   C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\C17UU5PA\OlsonTwins[1].htm -> Backdoor.Sitex : Cleaned with backup
   C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\C17UU5PA\WinTA[1].cab/WToolsA.exe -> Adware.Wintol : Cleaned with backup
   C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\FXOXPEFQ\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup
   C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\G91GPPMW\WinTB[2].cab/WToolsB.dll -> Adware.Wintol : Cleaned with backup
   C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\G91GPPMW\WinTS[1].cab/WToolsS.exe -> Adware.Wintol : Cleaned with backup
   C:\Documents and Settings\Julie\nfomon\nfo.ocx -> Adware.DelphinMediaViewer : Cleaned with backup
   C:\Documents and Settings\Julie\nfomon\nfom.dll -> Adware.DelphinMediaViewer : Cleaned with backup
   C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\ODA7CL2N\WinFixer2005FreeInstall[2].cab/UWFX5_0001_N66M1101NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Cleaned with backup
   C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup
   C:\Program Files\Common Files\nnnntaad\nhdjllebcj\bpatehhpj.exe.tcf -> Adware.Gator : Cleaned with backup
   C:\Program Files\Common Files\nnnntaad\ptljntjf\jfaretnl.exe.tcf -> Adware.Gator : Cleaned with backup
   C:\Program Files\E2G\IeBHOs.dll -> Adware.E2Give : Cleaned with backup
   C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
   C:\Program Files\TBONAS\BarLcher.dll -> Adware.ActivShopper : Cleaned with backup
   C:\RECYCLER\NPROTECT\01042338.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01042603.exe -> Trojan.Poler.a : Cleaned with backup
   C:\RECYCLER\NPROTECT\01042608.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01042830.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043176.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043346.exe -> Trojan.Poler.a : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043350.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043541.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043671.exe -> Trojan.Poler.a : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043675.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043750.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043834.exe -> Trojan.Poler.a : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043837.exe -> Adware.WebSearch : Cleaned with backup
   C:\RECYCLER\NPROTECT\01043838.exe -> Adware.Wintol : Cleaned with backup
   C:\RECYCLER\S-1-5-21-2000478354-884357618-1801674531-1007\Dc605.exe -> Trojan.LowZones.am : Cleaned with backup
   C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup
   C:\WINDOWS\=NOI.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\m67m.ocx -> Adware.MediaMotor : Cleaned with backup
   C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup
   C:\WINDOWS\dsr.exe.tcf -> Trojan.Imiserv.c : Cleaned with backup
   C:\WINDOWS\exe81.exe -> Adware.MediaMotor : Cleaned with backup
   C:\WINDOWS\fuivnfcixo.exe -> Adware.Bestofer : Cleaned with backup
   C:\WINDOWS\mm81.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\WINDOWS\mm83.ocx -> Downloader.VB.ov : Cleaned with backup
   C:\WINDOWS\MTE4MTU6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
   C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
   C:\WINDOWS\seeve.exe -> Adware.MediaMotor : Cleaned with backup
   C:\WINDOWS\seli.exe/mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
   C:\WINDOWS\surv3.exe -> Downloader.VB.vv : Cleaned with backup
   C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
   C:\WINDOWS\system32\cmmwts.exe -> Logger.VB.eh : Cleaned with backup
   C:\WINDOWS\system32\vidctrl\vidctrl.exe -> Adware.DelphinMediaViewer : Cleaned with backup
   C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
   C:\WINDOWS\Temp\ovYfl5Xh.exe -> Adware.WebSearch : Error during cleaning
   C:\WINDOWS\Temp\ycXMjhGh.exe -> Adware.WebSearch : Error during cleaning
   C:\WINDOWS\thin-143-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   E:\Malware\backups\backup-20060316-003255-955.dll -> Adware.Mirar : Cleaned with backup


::Report End


Smitfiles:-


   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 03/16/2006
The current time is:  0:34:44.45

Running from
E:\Malware\Smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!


 checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

atmtd.dll
atmtd.dll._


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 800 'explorer.exe'
Killing PID 800 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

atmtd.dll
atmtd.dll._


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~


 ~~~ Wininet.dll ~~~

 wininet.dll is missing!!


Thanks again, Chris