Help ... ! another case of Smitfraud-C.Toolbar888 infection...


19 replies to this topic

#1 OFFLINE   Eternity

    Member

  • Members
  • 10 posts

Posted 27 March 2007 - 07:21 PM

Hi.

Really need help in removing Smitfraud-C.Toolbar888. :( I use Spybot to remove it but it keeps coming back after rescanning. I tried various ways and scanned the system in safe mode with Spybot. Really hope the HijackThis helpers can help me out in this. Thanks for reading this and any help is greatly appreciated.

Here's my HijackThis log file. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 3:14:21 AM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AveDesk\AveDesk.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\AveDesk\AveDesk.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - 0 - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 March 2007 - 12:17 AM

Your computer is badly outdated. You really do need to update to Service Pack 2 and all of the other updates. ;)

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

#3 OFFLINE   Eternity

    Member

  • Members
  • 10 posts

Posted 28 March 2007 - 02:46 AM

First of all, thanks for the prompt reply. Oh my god, I think I have to spend time updating some programs. But first, I hope I can eliminate this nagging Smitfraud thing.
OK, I did what you told me in the previous thread.

Here is the report. And many thanks in advance for guiding me through.

SmitFraudFix v2.158

Scan done at 10:40:12.51, Wed 03/28/2007
Run from C:\Documents and Settings\Now To Eternity\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Now To Eternity


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Now To Eternity\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="file:///C:/DOCUME~1/NOWTOE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/NOWTOE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 March 2007 - 02:56 AM

Are you having actual problems with the PC besides the detection? The reason I ask is that Spybot had detected that infection falsely in the past.
Please run the below program:

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#5 OFFLINE   Eternity

    Member

  • Members
  • 10 posts

Posted 28 March 2007 - 03:52 AM

Thanks for the reply. Umm... Actually I'm not having major problems with my computer, as in constant popups of ads or restarts. Thank god I'm not having that kind of problem. I ran Spyware Doctor and found the malware Trojan.Downloader.Small.CML. I tried to scan using Spyware Doctor in safe mode to remove it but to no effect. So I tried Spybot and it didn't detect the Trojan.Downloader.Small.CML. I ran a scan of my computer with Superantispyware as you told me, and it turned up more spyware or bugs than the previous 2 scanners!! OMG...

Here's the report from Superantispyware. Please further advise me on the next course of action. Seems like this Superantispyware turns up so many bugs... very worrying. :(

SUPERAntiSpyware Scan Log
Generated 03/28/2007 at 11:40 AM

Application Version : 3.6.1000

Core Rules Database Version : 3207
Trace Rules Database Version: 1217

Scan type : Complete Scan
Total Scan Time : 00:28:29

Memory items scanned : 480
Memory threats detected : 1
Registry items scanned : 5858
Registry threats detected : 8
File items scanned : 37659
File threats detected : 89

Trojan.Unknown Origin/System
C:\WINDOWS\SYSTEM32\WINHDN32.DLL
C:\WINDOWS\SYSTEM32\WINHDN32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winhdn32

Adware.Tracking Cookie
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@creativeby.viewpoint[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.realcastmedia[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@directdl[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@media.putfile[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@wallpapers.automedia[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ad1.clickhype[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.clickmanage[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.asia1.com[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@azjmp[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@serviceswitching[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@last[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@adinterax[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ad.sensismediasmart.com[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@stats[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@forums.hardwarezone[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@hardwarezone.us.intellitxt[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.xstat[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@mediawin.avolutia[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@hurricanedigitalmedia[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@media.movies.ign[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@nextag[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.cobrad[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@revsci[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.clickapps[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ad.nifty[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.singingfool[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.neowin[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads1.megaupload[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@accelerator-media[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@hardwarezone[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.zona-warez[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@mb[5].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.49media[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.short-media[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@z5[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.xtramsn.co[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@adopt.euroclick[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@stat.dealtime[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@mb[6].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.digitalpoint[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@server.counter-strike[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@m1.webstats4u[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.monster[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.tripod.lycos.co[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.dealtime[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.realtechnetwork[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@streamit.hardwarezone[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@superiq[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@superiq[3].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@20051028_e433[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ad.admarketplace[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@clicklab.pctools[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@motorcycle.advertserve[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@sg.hardwarezone[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@breakdancingelite[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.burstnet[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@qnsr[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@hardwarezone.com[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@adserver.virgin[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@tacoda[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@rotator.adjuggler[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@pagead[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@counter.chc.org[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.vnuemedia[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@server.cpmstar[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@adbrite[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@citi.bridgetrack[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@adultadworld[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.addynamix[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.mininova[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@clicktracks.barrystickets[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@as-us.falkag[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@nextstat[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@edge.ru4[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@mb[4].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@mb[3].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@counter-strike-dl[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@superiq[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@1067278927[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@questionmarket[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@ads.pointroll[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@1069528289[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@mediafire[1].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@sg[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@devart.adbureau[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@dealtime[2].txt
C:\Documents and Settings\Now To Eternity\Cookies\now to eternity@www.easy-xxx[1].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\SSL.EXE

#6 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 March 2007 - 04:05 AM

Some more scans for you to run through. :D


Run BitDefender Online Scanner
  • Using Internet Explorer please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, Press Click Here To Scan and then follow the on screen prompts.
  • Once BitDefender is finished scanning your computer it will automatically remove the infections. Once the removal process is finished press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer
Download AVG Anti-Spyware
  • Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • Ewido will list any infections found on the left. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Note that this is not AVG antivirus but the program formerly known as Ewido.


Post back the logs for me to look at.

#7 OFFLINE   Eternity

    Member

  • Members
  • 10 posts

Posted 28 March 2007 - 05:04 AM

Hi,
I did what you told me, but I couldn't load the BitDefender Online Scanner. The scanner says there are no updated virus definitions. I tried to reload the website and changed the ActiveX settings to allow ActiveX controls to be installed but no effect. But I downloaded and updated the AVG antispyware. I did a scan of my computer and here's the result.

Please advise. Many thanks in advance.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:58:59 PM 3/28/2007

+ Scan result:



C:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP458\A0196083.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.38:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP458\A0196000.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win2C.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3C.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win45.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win55.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win97.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).


::Report end

#8 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 March 2007 - 01:44 PM

Ok, try this online scanner instead then:

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.


#9 OFFLINE   Eternity

    Member

  • Members
  • 10 posts

Posted 28 March 2007 - 03:19 PM

Wow... Kaspersky Online Scanner took an hour and a half to finish scanning my computer. Fell asleep halfway. Hopefully this will help. Thanks a lot in advance!!!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 28, 2007 11:06:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/03/2007
Kaspersky Anti-Virus database records: 288125
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 73036
Number of viruses found: 28
Number of infected objects: 62 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\cert8.db Object is locked skipped
C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\history.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\key3.db Object is locked skipped
C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\parent.lock Object is locked skipped
C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Now To Eternity\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Now To Eternity\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Desktop\Tools\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Now To Eternity\Desktop\Tools\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Now To Eternity\Desktop\Tools\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\Cache\633285D9d01/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\Cache\633285D9d01 ZIP: infected - 1 skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Application Data\Mozilla\Firefox\Profiles\qpf4u74j.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\History\History.IE5\MSHist012007032820070329\index.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Temp\mpl515.tmp Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Temp\mpl516.tmp Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Temp\Perflib_Perfdata_69c.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Temp\Perflib_Perfdata_718.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Temp\~DF3954.tmp Object is locked skipped
C:\Documents and Settings\Now To Eternity\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Now To Eternity\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Now To Eternity\NTUSER.DAT.LOG Object is locked skipped
C:\mIRC\mirc.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine4984849.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine4984849.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine4984849.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine4984849.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine4984849.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine57E0C68.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Program Files\Norton AntiVirus\Quarantine644441E.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine644441E.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine644441E.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine644441E.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine644441E.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine644441E.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine64A1817.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine64E4214.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine6516C10.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine96F3A11.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Program Files\Norton AntiVirus\QuarantineCEB46A0 Infected: Trojan.Java.ClassLoader.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CF62B6.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CF62B6.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CF62B6.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CF62B6.tmp ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\12CF62B6.tmp CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FB5C7A.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FB5C7A.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FB5C7A.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FB5C7A.tmp ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FB5C7A.tmp CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FE0676.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\13013072.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\1308046B.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\19431289 Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E455C26.exe Infected: Backdoor.Win32.Iroffer.13b7 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F981292 Infected: Backdoor.Win32.Rbot.adf skipped
C:\Program Files\Norton AntiVirus\Quarantine\22866F73.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2289196F.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\228C436C.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2626056E.exe Infected: Trojan-Downloader.Win32.Small.bho skipped
C:\Program Files\Norton AntiVirus\Quarantine\2626056E.qtdfmp Infected: Trojan-Downloader.Win32.Small.bho skipped
C:\Program Files\Norton AntiVirus\Quarantine\30F10DEC.exe Infected: Net-Worm.Win32.Padobot.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\311E03A8.exe Infected: Backdoor.Win32.PoeBot.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\389A4790 Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Program Files\Norton AntiVirus\Quarantine\3CA26D3D.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E604124.exe Infected: Trojan-Dropper.Win32.VB.fr skipped
C:\Program Files\Norton AntiVirus\Quarantine\40FB3C42 Infected: Net-Worm.Win32.Padobot.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\54B53976 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Program Files\Norton AntiVirus\Quarantine\658A6552 Infected: Trojan-Downloader.Win32.Small.cbe skipped
C:\Program Files\Norton AntiVirus\Quarantine\669106D4 Infected: not-a-virus:AdWare.Win32.Apropos.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\70C81A92 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Program Files\Norton AntiVirus\Quarantine\70CB448F Infected: Trojan-Downloader.Win32.IstBar.nv skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E4305E7 Infected: Trojan.Java.ClassLoader.h skipped
C:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\A0197662.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\ETERNITY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT037b3.TMP Object is locked skipped
F:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\change.log Object is locked skipped
G:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\change.log Object is locked skipped
H:\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
H:\mIRC\download\Win_XP_service_pack_1_license_hack.rar/WindowsXP Product Key Tester.exe Infected: Backdoor.Win32.SdBot.gen skipped
H:\mIRC\download\Win_XP_service_pack_1_license_hack.rar RAR: infected - 1 skipped
H:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
H:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\change.log Object is locked skipped
I:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\change.log Object is locked skipped

Scan process completed.

#10 OFFLINE   rridgely

Posted 28 March 2007 - 03:28 PM

Delete this file:
H:\mIRC\download\Win_XP_service_pack_1_license_hack.rar

Hacks and cracks almost 100% of the time contain viruses.
;)

Clear your Norton quarantine and your PC should be clean.
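
The scan log above mixes locked files, riskware labels, quarantined copies and one ordinary file on disk, and the reply singles out that last kind. The following Python sketch sorts such a log into those groups; it is an added example, not part of the original thread. The bucket names and the location rules in `classify` are assumptions of the example, and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the scan log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Now To Eternity\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Now To Eternity\Desktop\Tools\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Now To Eternity\Desktop\Tools\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F981292 Infected: Backdoor.Win32.Rbot.adf skipped
C:\Program Files\Norton AntiVirus\Quarantine\12FB5C7A.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\System Volume Information\_restore{D6901405-2686-4337-AE4D-24023F860A0F}\RP460\A0197662.dll Infected: Trojan.Win32.Agent.qt skipped
H:\mIRC\download\Win_XP_service_pack_1_license_hack.rar/WindowsXP Product Key Tester.exe Infected: Backdoor.Win32.SdBot.gen skipped
H:\mIRC\download\Win_XP_service_pack_1_license_hack.rar RAR: infected - 1 skipped
Scan process completed.
"""

# <path> <status> skipped: paths contain spaces, so anchor on the status.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>[A-Za-z]+): infected - (?P<count>\d+)"
    r") skipped$"
)


def classify(on_disk, name):
    """Bucket a detection by where the file sits (rules assumed here)."""
    low = on_disk.lower()
    if "\\norton antivirus\\quarantine" in low:
        return "quarantined"      # copy held by the resident antivirus
    if "\\system volume information\\_restore" in low:
        return "restore_point"    # Windows XP System Restore snapshot
    if name.startswith("not-a-virus:"):
        return "riskware"         # the scanner's own label for such tools
    return "live"                 # ordinary file on disk: needs a decision


def triage(log_text):
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue              # blank lines, "Scan process completed."
        if m["locked"]:
            buckets["locked"].append(m["path"])
        elif m["container"]:
            # "ZIP: infected - 1" repeats the member lines; keep it apart
            buckets["container_summary"].append(m["path"])
        else:
            # archive members are logged as <archive>/<inner path>
            on_disk = m["path"].split("/", 1)[0]
            buckets[classify(on_disk, m["name"])].append((on_disk, m["name"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        if bucket == "live":
            for path, name in items:
                print(f"  {path}  ({name})")
```
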

#11 OFFLINE   Eternity

Posted 28 March 2007 - 04:19 PM

Ok.. I did what you said. I deleted this file --> H:\mIRC\download\Win_XP_service_pack_1_license_hack.rar Thanks for the advice.

But the Spybot S&D search still detects Smitfraud-C.Toolbar888, what should I do about it?

So my computer is now sort of cleaner?? :)

#12 OFFLINE   rridgely

Posted 28 March 2007 - 04:55 PM

Like I said, I believe that is an error with Spybot. The reason I had you run all of those other scans was because your PC was infected with a bunch of stuff Spybot was missing.

Here is another scan you can run to be sure if you want:

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
  • Click the Download now link on the right to download the program.
  • Double-click the file to install it as follows:
      • Click "Next", read the agreement, click "Next".
      • Choose "Custom", click "Next".
      • Leave the default installation directory as it is, then click "Next".
      • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
      • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
      • Finally, click "Install".
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, disconnect from the internet.
  • Click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#13 OFFLINE   Eternity

Posted 29 March 2007 - 02:20 PM

Sorry for my ignorance. Yah. The scans from other programs turned up stuff which Spybot never detected.
Ok. I've got one more problem that surfaced, not sure if it was the cleaning of my system which caused this error.
Every time I double click ZoneAlarm from the taskbar to launch it and toggle only 2 or 3 times between the tabs within ZoneAlarm, there will be a warning balloon popup. The warning was something like
Zonealarm Security alert Dangerous Behaviour c:program files\zonelabs\zonealarm\zlclient.exe (Zone Labs Client) event=0 subevent=0 class=1 .

When I click Deny in the balloon, it hangs. I do the 3 finger salute (Ctrl+Alt+Del) to stop ZoneAlarm from working but no effect. :(

I don't know if I should reinstall the same program as I'm worried it will mess up my firewall settings. Please advise on this. Thanks a million!

#14 OFFLINE   rridgely

Posted 29 March 2007 - 03:04 PM

From the description you just mentioned, I think Zone Alarm is asking for approval for its own service. When you deny it, it's crashing because it's not being allowed to do whatever it's needing to do.

#15 OFFLINE   Eternity

Posted 29 March 2007 - 03:16 PM

Yah. But I find it odd. All along it never happened, as in asking for its own right. But I did click on Allow, and the whole program just hung. :( Please advise more. Thanks!!

And here are the Webroot Spy Sweeper results. Please help me go through them and see if anything is wrong. And thanks again!!


11:09 PM: Removal process completed. Elapsed time 00:00:01
11:09 PM: Quarantining All Traces: servlet cookie
11:09 PM: Quarantining All Traces: 64.62.232 cookie
11:09 PM: Quarantining All Traces: 5 cookie
11:09 PM: Quarantining All Traces: sogou
11:09 PM: Removal process initiated
11:02 PM: Traces Found: 8
11:02 PM: Custom Sweep has completed. Elapsed time 00:09:58
11:02 PM: File Sweep Complete, Elapsed Time: 00:08:30
11:00 PM: Warning: PCRE_ERROR_BADUTF8
11:00 PM: Warning: PCRE_ERROR_BADUTF8
11:00 PM: Warning: Failed to open file "c:\documents and settings\now to eternity\application data\mozilla\firefox\profiles\qpf4u74j.default\parent.lock". The operation completed successfully
10:59 PM: Warning: PCRE_ERROR_BADUTF8
10:59 PM: Warning: PCRE_ERROR_BADUTF8
10:59 PM: Warning: Failed to open file "c:\documents and settings\now to eternity\local settings\temp\mpl59.tmp". The operation completed successfully
10:57 PM: C:\Program Files\Real Alternative\RealMediaSplitter.ax (ID = 385620)
10:57 PM: Found Adware: sogou
10:54 PM: Warning: PCRE_ERROR_BADUTF8
10:53 PM: Starting File Sweep
10:53 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@servlet[1].txt (ID = 3345)
10:53 PM: Found Spy Cookie: servlet cookie
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@64.62.232[6].txt (ID = 1987)
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@64.62.232[5].txt (ID = 1987)
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@64.62.232[3].txt (ID = 1987)
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@64.62.232[2].txt (ID = 1987)
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@64.62.232[1].txt (ID = 1987)
10:53 PM: Found Spy Cookie: 64.62.232 cookie
10:53 PM: c:\documents and settings\now to eternity\cookies\now to eternity@5[2].txt (ID = 1979)
10:53 PM: Found Spy Cookie: 5 cookie
10:53 PM: Starting Cookie Sweep
10:53 PM: Registry Sweep Complete, Elapsed Time:00:00:12
10:53 PM: ApplicationMinimized - EXIT
10:53 PM: ApplicationMinimized - EXIT
10:53 PM: ApplicationMinimized - ENTER
10:53 PM: ApplicationMinimized - ENTER
10:53 PM: Starting Registry Sweep
10:53 PM: Memory Sweep Complete, Elapsed Time: 00:01:05
10:52 PM: Starting Memory Sweep
10:52 PM: Start Custom Sweep
10:52 PM: Sweep initiated using definitions version 887
10:47 PM: None
10:47 PM: Traces Found: 0
10:47 PM: Memory Sweep Complete, Elapsed Time: 00:00:03
10:47 PM: Sweep Canceled
10:47 PM: Starting Memory Sweep
10:47 PM: Start Full Sweep
10:47 PM: Sweep initiated using definitions version 887
10:45 PM: Your spyware definitions have been updated.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
10:45 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client. Failure: Failed to set data for 'Zone Labs Client'
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:45 PM: Shield States
10:45 PM: Spyware Definitions: 866
10:45 PM: Spy Sweeper 5.3.2.2361 started
10:45 PM: Spy Sweeper 5.3.2.2361 started
10:45 PM: | Start of Session, Thursday, March 29, 2007 |
***************
10:38 PM: Program Version 5.3.2.2361 Using Spyware Definitions 866
10:38 PM: Spy Sweeper 5.3.2.2361 started
10:38 PM: | Start of Session, Thursday, March 29, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
10:39 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client. Failure: Failed to set data for 'Zone Labs Client'
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:38 PM: Shield States
10:38 PM: Spyware Definitions: 866
10:38 PM: Spy Sweeper 5.3.2.2361 started
10:38 PM: Spy Sweeper 5.3.2.2361 started
10:38 PM: | Start of Session, Thursday, March 29, 2007 |
***************

#16 OFFLINE   rridgely

Posted 29 March 2007 - 03:25 PM

Try uninstalling Zone Alarm and then reinstalling it.
Are you using the newest version? (7 is the newest, I believe.)

#17 OFFLINE   Eternity

Posted 29 March 2007 - 03:32 PM

I'm using ZoneAlarm Pro 6.0.667.000. Guess I have to keep my fingers crossed and hope nothing happens after I reinstall ZoneAlarm. :)

Regarding the log, is there anything wrong?

Many thanks!

#18 OFFLINE   rridgely

Posted 29 March 2007 - 03:37 PM

Looks to me like it just found cookies and some adware infection that it says it fixed. Nothing major.
You can uninstall Webroot if you want because it's just a trial. The others you can/should keep though because they can be used to update and scan with after their trials are up.

#19 OFFLINE   Eternity

Posted 09 April 2007 - 05:28 AM

First and foremost ... really have to thank you rridgely for solving my problems.. For now, my system is still running smoothly. So far no hiccups.. Really appreciate it... :)

After you guided me through all those steps, I did learn a lot.. so I'm spreading hard-earned knowledge with those around me, as in helping my friends troubleshoot their systems for malware and spyware..

#20 OFFLINE   rridgely

Posted 09 April 2007 - 08:32 PM

Good to hear. :)
If you ever run into a problem you just can't seem to fix, just start a topic with a HijackThis log and I'll be more than happy to help out. :D