Goliath Posted January 17, 2006

So lately I have been having problems with spyware on my comp. I have been getting pop-ups that my comp is infected and my wallpaper was changed to "spyware infection detected" or something similar. I've run Ad-aware, Search & Destroy and my AVG several times but it doesn't remove all of them (same spywares are detected every time). So if any of you can help me with my HJT it would be appreciated :P

Logfile of HijackThis v1.99.1
Scan saved at 18:46:33, on 2006-01-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\ipja[Caution: ExecutableFile]
C:\Program\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]
C:\Program\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\WINDOWS\system32\slserv[Caution: ExecutableFile]
C:\Program\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\ATI-CPanel\atiptaxx[Caution: ExecutableFile]
C:\WINDOWS\system32\GSICON[Caution: ExecutableFile]
C:\WINDOWS\system32\dslagent[Caution: ExecutableFile]
C:\Program\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile]
C:\Program\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]
C:\Program\QuickTime\qttask[Caution: ExecutableFile]
C:\WINDOWS\system32\apiwu32[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\program\valve\steam\steam[Caution: ExecutableFile]
C:\WINDOWS\ipja[Caution: ExecutableFile]
C:\WINDOWS\explorer[Caution: ExecutableFile]
C:\Program\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program\iTunes\iTunes[Caution: ExecutableFile]
C:\HiJackThis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\afsmi.dll/sp.html#10001%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vfnhs.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vfnhs.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vfnhs.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vfnhs.dll/sp.html#10001%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit[Caution: ExecutableFile]
O2 - BHO: Class - {207A8AD9-ECE4-DF9B-BAA6-47B4EB313BB1} - C:\WINDOWS\wingw32.dll (file missing)
O2 - BHO: Class - {286B2AD0-92FB-11D2-10FE-2602C19AF756} - C:\WINDOWS\system32\d3ce32.dll
O2 - BHO: Class - {4574EC09-FC66-92F0-4F9B-EE57CF1967DC} - C:\WINDOWS\crgl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {85D9CD8E-5A0B-5971-2E36-284D9E2E0BF4} - C:\WINDOWS\addhz32.dll
O2 - BHO: Class - {E4564D6D-4921-87B7-0C6A-2097D907B4A5} - C:\WINDOWS\system32\ntuh.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck[Caution: ExecutableFile]
O4 - HKLM\..\Run: [GSICONEXE] GSICON[Caution: ExecutableFile]
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent[Caution: ExecutableFile] USB
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [apiwu32[Caution: ExecutableFile]] C:\WINDOWS\system32\apiwu32[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [ipja[Caution: ExecutableFile]] C:\WINDOWS\ipja[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [AAW] "C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware[Caution: ExecutableFile]" "+b1"
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam[Caution: ExecutableFile]" -silent
O4 - HKCU\..\Run: [spyware Cleaner] "C:\Program\Spyware Cleaner\SpywareCleaner[Caution: ExecutableFile]" /boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer[Caution: ExecutableFile]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9D9D701-4CC5-4BF1-8646-820D7C83F07A}: NameServer = 195.67.199.30 195.67.199.31
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv[Caution: ExecutableFile]
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\DELADE~1\SONYSH~1\AVLib\Sptisrv[Caution: ExecutableFile]
coltm4carbine Posted January 17, 2006

I'll start you off by giving you smitRem.

Download smitRem[Caution: ExecutableFile] and save the file to your desktop. (If the link doesn't work then google up smitrem.) Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop

Close Ewido.

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

That should get rid of smitfraud and its variants.
Goliath Posted January 17, 2006

Wow, that's a big list :lol: OK, I don't think I have time for all that tonight but I'll start tomorrow. Anyway, by just looking over the log, is there anything you know I can 'fix' right now? Thanks a bunch for those tips though.
coltm4carbine Posted January 17, 2006

Oh, I forgot to add on my last post: print it off. Well, after I fix this up I got another canned to use (sp.html).

You can fix these if you want (if you're that desperate, but it won't solve your desktop hijack problem) (also I will need to see a new log later so it will show up new entries):

R3 - Default URLSearchHook is missing

Most of the other bad entries require special removal tools - your computer has been quite badly affected... have you been visiting dodgy websites?
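Added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage pass over HijackThis-format lines, using entries copied from the two logs posted in this thread as sample input. It groups entries by section code, lists Internet Explorer settings that point at a res:// page inside a DLL and BHO entries marked "(file missing)", then compares the two scans; the function names and flag rules are this example's own assumptions.

```python
import re
from collections import defaultdict

# Sample input: entries copied from the two HijackThis logs posted in this thread.
LOG_JAN_17 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\afsmi.dll/sp.html#10001%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vfnhs.dll/sp.html#10001%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {207A8AD9-ECE4-DF9B-BAA6-47B4EB313BB1} - C:\WINDOWS\wingw32.dll (file missing)
O2 - BHO: Class - {286B2AD0-92FB-11D2-10FE-2602C19AF756} - C:\WINDOWS\system32\d3ce32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
LOG_JAN_18 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net
O2 - BHO: Class - {207A8AD9-ECE4-DF9B-BAA6-47B4EB313BB1} - C:\WINDOWS\wingw32.dll (file missing)
"""

# "<section code> - <rest>", e.g. "R1 - ..." or "O23 - ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R-section body: "<registry key>,<value name> = <data>" (data may be empty)
REG_VALUE = re.compile(r"^(?P<key>HK[A-Z]{2}\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# res://<path to dll>/<page>, ignoring any #fragment or ?query
RES_URL = re.compile(r"^res://(?P<dll>.+?\.dll)/(?P<page>[^#?]+)", re.IGNORECASE)
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def parse(log_text):
    """Group HijackThis entries by section code; lines in any other shape are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return sections


def res_redirects(sections):
    """R-section registry values whose data is a res:// page served from a DLL."""
    hits = []
    for code, bodies in sections.items():
        if not code.startswith("R"):
            continue
        for body in bodies:
            reg = REG_VALUE.match(body)
            url = RES_URL.match(reg.group("data")) if reg else None
            if url:
                hits.append({
                    "hive": reg.group("key")[:4],
                    "name": reg.group("name"),
                    "dll": url.group("dll"),
                    "page": url.group("page"),
                })
    return hits


def orphaned_bhos(sections):
    """O2 entries marked '(file missing)': the registration remains, the DLL does not."""
    out = []
    for body in sections.get("O2", []):
        m = BHO.match(body)
        if m and m.group("missing"):
            out.append((m.group("clsid"), m.group("path")))
    return out


def compare(before, after):
    """What changes and what persists in the res:// redirects between two scans."""
    b, a = res_redirects(parse(before)), res_redirects(parse(after))
    return {
        "dlls_before": sorted({h["dll"] for h in b}),
        "dlls_after": sorted({h["dll"] for h in a}),
        "pages_in_both": sorted({h["page"] for h in b} & {h["page"] for h in a}),
    }


if __name__ == "__main__":
    for hit in res_redirects(parse(LOG_JAN_17)):
        print("res:// redirect:", hit)
    print("orphaned BHOs:", orphaned_bhos(parse(LOG_JAN_17)))
    print(compare(LOG_JAN_17, LOG_JAN_18))
```

On these entries the DLL file name differs between the two scans while the resource page name is the same in both, so the comparison keys on the res:// pattern rather than on a file name.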
wahoo Posted January 17, 2006

You should try installing the beta for Microsoft AntiSpyware. It is actually a very good program and has a constant monitoring system, so that it auto-updates, and if any spyware tries to install itself, the anti-spyware will block it.
Goliath Posted January 18, 2006

> most of the other bad entries require special removal tools - your computer has been quite badly affected... have you been visiting dodgy websites?

Yeah, my 'friend' told me to go to a "very funny" website... And of course I'm that stupid so I checked it out, that was a mistake.
Goliath Posted January 18, 2006

Ok, I've done everything on the list (I think), here's the logs:

Smitfile:

smitRem © log file version 2.8 by noahdfear
Microsoft Windows XP [Version 5.1.2600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
SpySheriff
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 792 'explorer[Caution: ExecutableFile]'
Killing PID 792 'explorer[Caution: ExecutableFile]'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

Panda:

Incident | Status | Location
Spyware:Cookie/Overture | Not disinfected | C:\Documents and Settings\Hampus\Cookies\hampus@overture[1].txt
Spyware:Cookie/Aftonbladet | Not disinfected | C:\Documents and Settings\Hampus\Skrivbord\ARENA\Rekord\cookies.txt[]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Hampus\Skrivbord\Setups m.m\smitRem[Caution: ExecutableFile][Process[Caution: ExecutableFile]]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Hampus\Skrivbord\smitRem\Process[Caution: ExecutableFile]
Adware:adware/ist.istbar | Not disinfected | C:\Documents and Settings\Hampus\Start-meny\WEB-Search.url
Adware:Adware/WUpd | Not disinfected | C:\Program Files\Windows AdTools\Info.txt
Adware:adware/clickalchemy | Not disinfected | C:\WINDOWS\alchem.ini
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\apiha32[Caution: ExecutableFile]
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\appop[Caution: ExecutableFile]
Dialer:Dialer.ZE | Not disinfected | C:\WINDOWS\Downloaded Program Files\Information_s.INF
Spyware:Spyware/Iehelp | Not disinfected | C:\WINDOWS\Downloaded Program Files\ipreg32.inf
Adware:adware/effectivebrandtoolbar | Not disinfected | C:\WINDOWS\games[Caution: ExecutableFile]
Adware:Adware/Ucmore | Not disinfected | C:\WINDOWS\games[Caution: ExecutableFile][iUCMORE.DLL]
Adware:Adware/IPInsight | Not disinfected | C:\WINDOWS\inf\alchem.inf
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\ipja[Caution: ExecutableFile]
Adware:adware/ncase | Not disinfected | C:\WINDOWS\msbb[Caution: ExecutableFile].temp
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\mskx32[Caution: ExecutableFile]
Spyware:application/bestoffer | Not disinfected | C:\WINDOWS\smdat32m.sys
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\system32\appmo[Caution: ExecutableFile]
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\system32\atliv[Caution: ExecutableFile]
Virus:Trj/Qhost.Y | Disinfected | C:\WINDOWS\system32\drivers\etc\hosts.msn
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\system32\mspk32[Caution: ExecutableFile]
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\system32\netun[Caution: ExecutableFile]
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\system32\sdktr[Caution: ExecutableFile]
Adware:Adware/SBSoft | Not disinfected | C:\WINDOWS\webdlg32.inf
Adware:Adware/SearchAid | Not disinfected | C:\WINDOWS\wincq[Caution: ExecutableFile]

Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 18:22:11, 2006-01-18
+ Report-Checksum: C1E73622
+ Scan result:
C:\Program\Delade filer\Sony Shared\Visualizer\ExlGen.dll -> Dialer.Generic : Cleaned with backup
C:\Program Files\Winad Client\WinClt[Caution: ExecutableFile] -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\b2_t_FRANKRIKE+P%C3%A5+1400-TALET&803.xml:zcqvc -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\b2_t_JEANNE+D%27ARC&965.xml:aizok -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bootstat.dat:aroas -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Fjädrar.bmp:omnjn -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ielf32[Caution: ExecutableFile] -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB823182.log:qsjbg -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\KB825119.log:zxvcw -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msdfmap.ini:okxmr -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appvt[Caution: ExecutableFile] -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\system32\axuninstall[Caution: ExecutableFile] -> Spyware.BlazeFind : Cleaned with backup C:\WINDOWS\system32\javaaw[Caution: ExecutableFile] -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\webdlg32.dll -> Spyware.SBSoft : Cleaned with backup C:\WINDOWS\ÃÆÃââââ‰â¬Åkensand.bmp:bnozv -> Downloader.Agent.td : Cleaned with backup C:\WINDOWS\ÃÆÃââââ‰â¬Åkensand.bmp:jqmye -> Downloader.Agent.bc : Cleaned with backup ::Report End And HJT: Logfile of HijackThis v1.99.1 Scan saved at 20:19:23, on 2006-01-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\ipja[Caution: ExecutableFile] C:\Program\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] C:\Program\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] C:\Program\ewido anti-malware\ewidoctrl[Caution: ExecutableFile] C:\Program\ewido anti-malware\ewidoguard[Caution: ExecutableFile] C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile] C:\WINDOWS\system32\slserv[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\ATI-CPanel\atiptaxx[Caution: ExecutableFile] C:\WINDOWS\system32\GSICON[Caution: ExecutableFile] C:\WINDOWS\system32\dslagent[Caution: ExecutableFile] C:\Program\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] C:\Program\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile] C:\Program\iTunes\iTunesHelper[Caution: ExecutableFile] C:\Program\QuickTime\qttask[Caution: ExecutableFile] C:\WINDOWS\mshq[Caution: ExecutableFile] 
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] C:\Program\iPod\bin\iPodService[Caution: ExecutableFile] C:\Program\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\program\valve\steam\steam[Caution: ExecutableFile] C:\Program\iTunes\iTunes[Caution: ExecutableFile] C:\Program\Mozilla Firefox\firefox[Caution: ExecutableFile] C:\WINDOWS\system32\NOTEPAD[Caution: ExecutableFile] C:\HiJackThis\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\apwev.dll/sp.html#10001%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LÃÆÃâÃâänkar R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=c:\windows\system32\userinit[Caution: ExecutableFile] O2 - BHO: Class - {207A8AD9-ECE4-DF9B-BAA6-47B4EB313BB1} - C:\WINDOWS\wingw32.dll (file missing) O2 - BHO: Class - {286B2AD0-92FB-11D2-10FE-2602C19AF756} - C:\WINDOWS\system32\d3ce32.dll O2 - BHO: 
Class - {4574EC09-FC66-92F0-4F9B-EE57CF1967DC} - C:\WINDOWS\crgl.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Class - {85D9CD8E-5A0B-5971-2E36-284D9E2E0BF4} - C:\WINDOWS\addhz32.dll (file missing) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx[Caution: ExecutableFile] O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx[Caution: ExecutableFile] O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck[Caution: ExecutableFile] O4 - HKLM\..\Run: [GSICONEXE] GSICON[Caution: ExecutableFile] O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent[Caution: ExecutableFile] USB O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper[Caution: ExecutableFile]" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [apiwu32[Caution: ExecutableFile]] C:\WINDOWS\system32\apiwu32[Caution: ExecutableFile] O4 - HKLM\..\Run: [mshq[Caution: ExecutableFile]] C:\WINDOWS\mshq[Caution: ExecutableFile] O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam[Caution: ExecutableFile]" -silent O4 - HKCU\..\Run: [spyware Cleaner] "C:\Program\Spyware Cleaner\SpywareCleaner[Caution: ExecutableFile]" /boot O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA[Caution: ExecutableFile] O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker[Caution: ExecutableFile] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile] O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer[Caution: ExecutableFile] O17 - HKLM\System\CCS\Services\Tcpip\..\{C9D9D701-4CC5-4BF1-8646-820D7C83F07A}: NameServer = 195.67.199.30 195.67.199.31 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Network Security Service (NSS) ( 11FÃÆÃâÃâ¦ÃÂ¸ÃÆÃâÃâä#̢̮â¬Å¡ÃâÃÂ·ÃÆÃ¢â¬Å¡ÃâÃÂºÃÆÃââââ¬ÃÂ¾ÃÆÃââââ‰â¬Å`I) - Unknown owner - C:\WINDOWS\ipja[Caution: ExecutableFile] O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\Program\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile] O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl[Caution: ExecutableFile] O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard[Caution: ExecutableFile] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile] O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService[Caution: ExecutableFile] O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv[Caution: ExecutableFile] O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\DELADE~1\SONYSH~1\AVLib\Sptisrv[Caution: ExecutableFile] Link to comment Share on other sites More sharing options...
coltm4carbine Posted January 18, 2006

edit: don't do this fix yet - most of the links don't work... there is only one exe (CWShredder) so I dunno about the others. Thanks Mercifull for reminding me.

edit: OK, do this for now. Search for Microsoft AntiSpyware, Ad-Aware and Spybot Search & Destroy. Download and install them, update them, scan and remove everything they find.
Mercifull Posted January 18, 2006

Remember that tip.it censors direct links to exe files, Colt. Half your links don't work.

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex
01/04/01 - 02/03/12
MasterOfThePuppets Posted January 19, 2006

> > most of the other bad entries require special removal tools - your computer has been quite badly affected... have you been visiting dodgy websites?
>
> Yeah, my 'friend' told me to go to a "very funny" website... And of course I'm that stupid so I checked it out, that was a mistake.

Did you download a video codec? That caused it for me. That infection is no fun to remove... I got about half the infection, so I can't use these tools, since I've got no idea what I had/have. I can't replicate how I killed it.

Also, after following his instructions, is Internet Explorer's homepage still changed?
Goliath Posted January 19, 2006

> > > most of the other bad entries require special removal tools - your computer has been quite badly affected... have you been visiting dodgy websites?
> >
> > Yeah, my 'friend' told me to go to a "very funny" website... And of course I'm that stupid so I checked it out, that was a mistake.
>
> Did you download a video codec? That caused it for me. That infection is no fun to remove... I got about half the infection, so I can't use these tools, since I've got no idea what I had/have. I can't replicate how I killed it.
>
> Also, after following his instructions, is Internet Explorer's homepage still changed?

I don't think I downloaded anything, but I'm not sure. As for the Explorer start page, it changed to about:blank, and my AVG detects a virus every time I open Explorer (I mostly use Firefox anyways).

Colt, I will do that as soon as I get home from school.
Goliath Posted January 19, 2006

Now I've run AdAware and everything else twice, the first time it detected some spyware which it removed, the other scan was almost empty. All the pop-ups that I got before are gone now so I think it's relatively clean! :D

There are 2 things that my Search & Destroy can't remove though, Coolwwwsearch and Trek Blue Nuker, it says that those are still in the memory. I have deleted my cookies and temp files but it's still not delete-able. Any tips?

Anyway, my comp is working normally again, I can't thank you guys enough, you're the best! :P
coltm4carbine Posted January 19, 2006

OK, as for the about:blank, it is the sp.html variant. I did post a fix for it but most of the links got censored out. I'll think of something else...