Computer Hope

Microsoft => Microsoft Windows => Windows XP => Topic started by: ras90 on August 01, 2007, 08:25:25 AM

Title: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 08:25:25 AM
Hi, I previously had a trojan called tibs c on my computer which I wasn't too concerned about. However, now I went on a website that randomly said "connecting to PC" or something like that, and since then I cannot enter my internet properties; it says I have insufficient admin rights and it has removed my control panel. Furthermore, when I do scan it finds problems, e.g. change to boot sector and in the C drive; however, soon after some icon appears (yellow triangle with exclamation mark) telling me to download some anti-spyware program, which I haven't done so far as I don't trust the icon. Can you please tell me a solution?

Thank you
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: unlovedwarrior on August 01, 2007, 08:53:26 AM
Smitfraud infection, look here (http://www.bleepingcomputer.com/forums/topic17258.html) for help removing the infection.

What protections do you currently have on your computer? What's your OS?

Also, can you post a HijackThis log (http://www.merijn.org/files/hijackthis.zip) to be looked at?
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 09:09:08 AM
I am a bit of a novice at this. What is a hijack log? I have AVG Free protection on it and I have Microsoft XP.
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: unlovedwarrior on August 01, 2007, 09:15:20 AM
HijackThis is a program to help us detect infections on your computer. Don't worry, it's clean; just don't remove anything without instructions from one of us. Do the system scan, save the log and post the log on here. It'll take up to 2 or 3 posts sometimes to get it all in.
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: 8bamboos on August 01, 2007, 10:43:07 AM
 8)
Viruses can often get stuck and hidden in Windows' system restore area. This recipe will describe how to remove this hidden danger if you get infected.
Virus checkers often have difficulty clearing infected virus files from your system restore directory.

If you have recently had a virus, most likely it is now stored in your system restore directory. This will cause problems because your virus checker will repeatedly find it but be unable to clear it. Likewise, if you ever need to restore that drive, the virus-infected file will also be restored.

This is easily fixed if you take a few precautions.

(Disclaimer: The safest course of action for a virus-infected computer is to first back up everything. Some viruses are very destructive and different virus cleaning software packages will have varying degrees of success cleaning the files without introducing errors. If one virus cleaner doesn't work, you can also restore and try a different one.)

On to cleaning out any viruses trapped in your system restore area...

1. First make sure you don't have any infected files anywhere else in your system. Run a complete search with your favorite (database recently updated) virus checker.
2. If viruses are found and cleaned, run those programs afterwards to ensure they are running correctly.
3. If everything is running well, clear your system restore area by doing the following:
- Right-click on My Computer and select properties
- Select System Restore
- Select Turn Off System Restore On All Drives
- Select Apply
- There will be a warning saying that you will not be able to restore your computer after this point. (This is why it was important to make sure everything was running well before committing to this.)
- Select Yes. Your system restore directories will be purged.
4. Repeat the process and turn system restore back on.

Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 12:42:38 PM
Hi, I've downloaded the STOPzilla program but I can't get the hijack program to work (well, install is the problem). Is there any easy way to do this?
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: unlovedwarrior on August 01, 2007, 01:01:12 PM
What error are you receiving? Just open the zip file, make a folder called hijackthis on your desktop and drag the .exe file into the folder.
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: patio on August 01, 2007, 01:27:32 PM
It should actually be installed in its own folder... I don't name it HijackThis because some malware has been seen that is sophisticated enough to shut it down.

After installing it into its own directory you can then place a shortcut on the desktop if need be.

P.S. To double check if Control Panel has been disabled run the following:

Start->Run->gpedit.msc->User Configuration->Administrative Templates->Control Panel

You need to be logged on as Administrator to make these changes...
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 01:44:59 PM
Logfile of HijackThis v1.99.1
Scan saved at 20:47:39, on 01/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1154598357\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\FunTV Installation\T7Ir9x.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\common files\aol\1154598357\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1154598357\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Simpson\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiny.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154598357\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: system.exe
O4 - Global Startup: FunTV Remote Control.lnk = ?
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB5BB8B7-9AA3-41C1-B582-779DFB8CCFFD}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: unlovedwarrior on August 01, 2007, 02:13:03 PM
********* PLEASE DON'T DELETE THESE YET****************************

C:\WINDOWS\System32\printer.exe
C:\WINDOWS\kdx\KHost.exe (looks fishy)
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB5BB8B7-9AA3-41C1-B582-779DFB8CCFFD}: NameServer = 205.188.146.145
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe (looks fishy)
O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt (what's this?)


Some entries I found that I don't trust or know. Let's see what the other members have to say.
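
The manual triage in the post above can be partly scripted. This is an added example, not part of the original thread or of HijackThis itself: a Python parser that reads HijackThis log lines and flags four autostart patterns for manual review. The rule set and function names are assumptions made for illustration, a match is a prompt to investigate rather than a verdict, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiny.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry Run entry: hive, value name, command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# O4 Startup-folder entry (per-user or all-users)
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+)$")


def parse_entries(log):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log):
    """Return (code, body, reason) for entries worth a manual look.

    Illustrative heuristics (assumptions, not HijackThis behaviour):
      * F2 Shell= naming anything besides Explorer.exe
      * the same Run value and command present in both HKLM and HKCU
      * a bare .exe sitting in a Startup folder instead of a shortcut
      * an AppInit_DLLs value that does not end in .dll
    """
    entries = parse_entries(log)

    # First pass: record which hives hold each (value name, command) pair.
    run_hives = defaultdict(set)
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            run_hives[(m.group(2).lower(), m.group(3).lower())].add(m.group(1))

    # Second pass: apply the rules in log order.
    findings = []
    for code, body in entries:
        reason = None
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reason = "Winlogon shell starts an extra program at logon"
        elif code == "O4":
            run = RUN_RE.match(body)
            startup = STARTUP_RE.match(body)
            if run:
                key = (run.group(2).lower(), run.group(3).lower())
                if len(run_hives[key]) > 1:
                    reason = "same Run entry registered in both HKLM and HKCU"
            elif startup:
                item = startup.group(1)
                if " = " not in item and item.lower().endswith(".exe"):
                    reason = "executable placed directly in a Startup folder"
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            # AppInit_DLLs are loaded into every process that loads user32.dll
            if value and not value.lower().endswith(".dll"):
                reason = "AppInit_DLLs value is not named like a DLL"
        if reason:
            findings.append((code, body, reason))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n      {body}")
```
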
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: unlovedwarrior on August 01, 2007, 02:17:47 PM
Also, your computer is a little out of date. You need SP2 for XP and IE (or go up to IE7), but first let's get the infection out.

Also, you're running HijackThis from a temp folder. Make a folder on your desktop and extract HijackThis to that folder.
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 02:46:10 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/01/2007 at 09:30 PM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type       : Complete Scan
Total Scan Time : 00:55:47

Memory items scanned      : 652
Memory threats detected   : 0
Registry items scanned    : 5852
Registry threats detected : 0
File items scanned        : 68625
File threats detected     : 287

Adware.Tracking Cookie
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 02:47:59 PM
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 02:48:31 PM
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 01, 2007, 02:49:24 PM
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: CBMatt on August 02, 2007, 02:24:07 PM
Yeah, most of the things unlovedwarrior suspects are fairly bad.  I hope you moved HijackThis to a permanent location like he suggested.  This is important.

Now, let's see what we can do here for you...  Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
  (There are two of this one.)
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt


Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode (http://www.computerhope.com/issues/chsafe.htm) and enable hidden files and folders (http://www.computerhope.com/issues/ch000516.htm).

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Alexa

Please note any other programs that you don't recognize in that list in your next response.

Navigate to and delete the following file(s) if present...

C:\WINDOWS\System32\autorun.exe
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\System32\WinAvXX.exe
C:\WINDOWS\web\related.htm


Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.

Also...go ahead and download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.
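
A small triage script over the HijackThis entries listed in the post above, as an added example that is not part of the original post or of HijackThis itself. It parses the log lines, flags the F2 and O20 entries against two baseline rules (Shell should be exactly Explorer.exe; AppInit_DLLs should name a .dll), and groups the O4 autostart targets by where they are registered. The function names and both baseline rules are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the autostart-related entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\hrum161.txt
"""

# A HijackThis entry is a section code (R1, F2, O4, O20, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (code, body) pairs for every line shaped like 'O4 - ...'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review(code, body):
    """Return a reason string if the entry breaks a baseline rule, else None."""
    if code == "F2":
        # Assumed baseline: the logon shell is Explorer.exe and nothing else.
        m = re.search(r"Shell=(.*)", body, re.IGNORECASE)
        if m and m.group(1).strip().lower() != "explorer.exe":
            return "Shell value is not exactly Explorer.exe: " + m.group(1).strip()
    if code == "O20" and body.lower().startswith("appinit_dlls:"):
        # Assumed baseline: anything loaded through AppInit_DLLs is a .dll file.
        value = body.split(":", 1)[1].strip()
        if value and not value.lower().endswith(".dll"):
            return "AppInit_DLLs loads a file without a .dll extension: " + value
    return None


def autostart_targets(entries):
    """Map each O4 target (lower-cased) to the locations that start it."""
    targets = defaultdict(list)
    for code, body in entries:
        if code != "O4":
            continue
        location, _, rest = body.partition(": ")
        # Run-key entries look like '[Name] path'; Startup-folder entries are a bare file name.
        m = re.match(r"\[(.*?)\]\s*(.*)", rest)
        target = m.group(2) if m else rest
        targets[target.strip().lower()].append(location)
    return dict(targets)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, body in parsed:
        reason = review(code, body)
        if reason:
            print(code, "->", reason)
    for target, locations in autostart_targets(parsed).items():
        print(target, "started from", ", ".join(locations))
```
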
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: unlovedwarrior on August 02, 2007, 03:47:00 PM
sweet i was right
Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 03, 2007, 01:00:20 PM
SmitFraudFix v2.207

Scan done at 19:56:37.21, 03/08/2007
Run from C:\Documents and Settings\Simpson\My Documents\My Received Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost      #***Inserted By STOPzilla***

Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: ras90 on August 03, 2007, 01:00:48 PM

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 205.188.146.145

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB5BB8B7-9AA3-41C1-B582-779DFB8CCFFD}: NameServer=205.188.146.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB5BB8B7-9AA3-41C1-B582-779DFB8CCFFD}: NameServer=205.188.146.145


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Title: Re: REMOVING viruses,trojans-its removed my control panel
Post by: CBMatt on August 05, 2007, 03:02:21 PM
Did you follow the instructions in my post???