online

antimalware


Recently I've come up with a Security Alert showing the message:

 

System detected virus activities. These may impact the performance of your computer. Please use antimalware software to cleane and protect your system from parasite programs.

Click this balloon to get all available software.

 

When I clicked on it a new window opened from anti-virus.com showing ANTIVERMINS. Another window popped up showing that spyware.cyberlog-x has infected my PC.

 

I've already scanned with Spybot Search and Destroy and Ad-Aware SE. Please help me in this regard.

 

Edit --> Topic moved to HJT forum


Hello there and welcome to Lavasoft's security forum.

My name is David, I will be helping you with your problem today.

 

Please start by running a full scan with Ad-aware and posting the log.

When you finish the scan click "show logfile", then right click on it and choose "copy to clipboard".

 

Then, click here to download HijackThis.

Save HJTsetup.exe to your Desktop.

Double click on the HJTsetup.exe icon to start the program.

By default it will install to C:\Program Files\HijackThis.

Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.

Put a check by Create a desktop icon then click Next again.

Continue to follow the rest of the prompts from there.

At the final dialogue box click Finish and it will launch HijackThis.

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

Save the log and post it in your next reply.

 

So post back with the HijackThis log and the Ad-Aware log.

You have a smitfraud infection, which should be simple to remove.


Thanks a lot, D_Trojanator, for your cooperation. Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:10:53 AM, on 1/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\csrss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\spoolsv.exe

I:\WINDOWS\Explorer.EXE

I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

I:\Program Files\Analog Devices\SoundMAX\Smax4.exe

I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

I:\Program Files\Winamp\winampa.exe

I:\Program Files\Common Files\Real\Update_OB\realsched.exe

I:\Program Files\Messenger\msmsgs.exe

I:\Program Files\Spyware Doctor\swdoctor.exe

I:\Program Files\Google\Google Talk\googletalk.exe

I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

I:\Program Files\Rediff Bol\RediffMessenger.exe

I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

I:\Program Files\Webroot\Washer\wwDisp.exe

I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

I:\Program Files\Spyware Doctor\sdhelp.exe

I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

I:\Program Files\WordWeb\wweb32.exe

I:\WINDOWS\system32\wwSecure.exe

I:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

I:\WINDOWS\System32\alg.exe

I:\Program Files\Internet Explorer\iexplore.exe

I:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

I:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - I:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - I:\Program Files\Video ActiveX Object\isaddon.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: XBTBPos00 Class - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - I:\PROGRA~1\REDIFF~2\2.0\REDIFF~1.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [soundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "charithasrinivas"

O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0

O4 - HKCU\..\Run: [spyware Doctor] "I:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [googletalk] "I:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [FreeRAM XP] "I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [bol IM] "I:\Program Files\Rediff Bol\RediffMessenger.exe"

O4 - HKCU\..\Run: [Window Washer] I:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [updateMgr] I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Startup: WordWeb.lnk = I:\Program Files\WordWeb\wweb32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &WordWeb... - res://I:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8112CA47-B174-43C8-8E81-0639BEE9D759}: NameServer = 202.88.174.6,202.88.130.67

O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - I:\WINDOWS\system32\nbbrhbd.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - I:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - I:\WINDOWS\system32\wwSecure.exe

 

 

 

and the Ad-Aware log is as follows:

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, January 26, 2007 9:40:47 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R146 22.01.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):8 total references

Tracking Cookie(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

1-26-2007 9:40:47 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : I:\Documents and Settings\charithasrinivas\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : I:\Documents and Settings\charithasrinivas\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-583907252-813497703-839522115-1005\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-583907252-813497703-839522115-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-583907252-813497703-839522115-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-583907252-813497703-839522115-1005\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-583907252-813497703-839522115-1005\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 656

ThreadCreationTime : 1-26-2007 3:19:52 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\I:\WINDOWS\system32\

ProcessID : 720

ThreadCreationTime : 1-26-2007 3:19:53 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\I:\WINDOWS\system32\

ProcessID : 744

ThreadCreationTime : 1-26-2007 3:19:54 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 788

ThreadCreationTime : 1-26-2007 3:19:56 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 800

ThreadCreationTime : 1-26-2007 3:19:56 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 952

ThreadCreationTime : 1-26-2007 3:19:58 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 1032

ThreadCreationTime : 1-26-2007 3:19:58 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : I:\WINDOWS\System32\

ProcessID : 1116

ThreadCreationTime : 1-26-2007 3:19:59 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 1168

ThreadCreationTime : 1-26-2007 3:19:59 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 1292

ThreadCreationTime : 1-26-2007 3:19:59 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [spoolsv.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 1512

ThreadCreationTime : 1-26-2007 3:20:01 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:12 [explorer.exe]

FilePath : I:\WINDOWS\

ProcessID : 1860

ThreadCreationTime : 1-26-2007 3:20:04 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:13 [smax4pnp.exe]

FilePath : I:\Program Files\Analog Devices\SoundMAX\

ProcessID : 1964

ThreadCreationTime : 1-26-2007 3:20:05 AM

BasePriority : Normal

FileVersion : 4, 0, 4, 11

ProductVersion : 4, 0, 4, 11

ProductName : SMax4PNP Application

CompanyName : Analog Devices, Inc.

FileDescription : SMax4PNP MFC Application

InternalName : SMax4PNP

LegalCopyright : Copyright © 2002-2003 Analog Devices

OriginalFilename : SMax4PNP.EXE

 

#:14 [smax4.exe]

FilePath : I:\Program Files\Analog Devices\SoundMAX\

ProcessID : 1976

ThreadCreationTime : 1-26-2007 3:20:05 AM

BasePriority : Normal

FileVersion : 4, 0, 4, 25

ProductVersion : 4, 0, 4, 25

ProductName : SoundMAX Control Panel

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX Control Center

InternalName : SMax4

LegalCopyright : Copyright © 2002-2003, Analog Devices

OriginalFilename : SMax4.EXE

 

#:15 [avgcc.exe]

FilePath : I:\PROGRA~1\Grisoft\AVGFRE~1\

ProcessID : 1984

ThreadCreationTime : 1-26-2007 3:20:06 AM

BasePriority : Normal

FileVersion : 7.5.0.418

ProductVersion : 7.5.0.418

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : AvgCC.EXE

 

#:16 [winampa.exe]

FilePath : I:\Program Files\Winamp\

ProcessID : 2000

ThreadCreationTime : 1-26-2007 3:20:06 AM

BasePriority : Normal

 

 

#:17 [realsched.exe]

FilePath : I:\Program Files\Common Files\Real\Update_OB\

ProcessID : 2008

ThreadCreationTime : 1-26-2007 3:20:06 AM

BasePriority : Normal

FileVersion : 0.1.0.3760

ProductVersion : 0.1.0.3760

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:18 [msmsgs.exe]

FilePath : I:\Program Files\Messenger\

ProcessID : 2016

ThreadCreationTime : 1-26-2007 3:20:06 AM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:19 [swdoctor.exe]

FilePath : I:\Program Files\Spyware Doctor\

ProcessID : 2024

ThreadCreationTime : 1-26-2007 3:20:06 AM

BasePriority : Normal

FileVersion : 3.5.1.498

ProductVersion : 3.5.0

ProductName : Spyware Doctor

CompanyName : PC Tools Research Pty Ltd

FileDescription : Spyware Doctor

InternalName : Spyware Doctor

LegalCopyright : Copyright © 2005. Distributed by PC Tools Research Pty Ltd

OriginalFilename : swdoctor.exe

 

#:20 [googletalk.exe]

FilePath : I:\Program Files\Google\Google Talk\

ProcessID : 180

ThreadCreationTime : 1-26-2007 3:20:06 AM

BasePriority : Normal

FileVersion : 1,0,0,104

ProductVersion : 1,0,0,104

ProductName : Google Talk

CompanyName : Google

FileDescription : Google Talk

InternalName : Google Talk

LegalCopyright : Copyright © 2005-2006

OriginalFilename : googletalk.exe

 

#:21 [freeram xp pro.exe]

FilePath : I:\Program Files\YourWare Solutions\FreeRAM XP Pro\

ProcessID : 204

ThreadCreationTime : 1-26-2007 3:20:07 AM

BasePriority : Normal

FileVersion : 1.5.1.0

ProductVersion : 1.0.0.0

ProductName : FRXPRO

CompanyName : YourWare Solutions

FileDescription : FreeRAM XP Pro (YourWare Solutions)

InternalName : FRXPRO

LegalCopyright : Copyright YourWare Solutions , 2001-2005

LegalTrademarks : YourWare Solutions, FreeRAM XP, FreeRAM XP Lite, FreeRAM XP Professional

OriginalFilename : FRXPRO

Comments : Freeware application that frees and defragments your computer's memory to increse performance. Enjoy! Visit website for periodic updates.

 

#:22 [rediffmessenger.exe]

FilePath : I:\Program Files\Rediff Bol\

ProcessID : 192

ThreadCreationTime : 1-26-2007 3:20:07 AM

BasePriority : Normal

 

 

#:23 [avgamsvr.exe]

FilePath : I:\PROGRA~1\Grisoft\AVGFRE~1\

ProcessID : 216

ThreadCreationTime : 1-26-2007 3:20:07 AM

BasePriority : Normal

FileVersion : 7.5.0.420

ProductVersion : 7.5.0.420

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Alert Manager

InternalName : avgamsvr

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgamsvr.EXE

 

#:24 [wwdisp.exe]

FilePath : I:\Program Files\Webroot\Washer\

ProcessID : 244

ThreadCreationTime : 1-26-2007 3:20:08 AM

BasePriority : Normal

FileVersion : 6.0.2.466

ProductVersion : 6.0

ProductName : Window Washer

CompanyName : Webroot Software

FileDescription : Window Washer hard disk cleaning utility

InternalName : wwDisp.exe

LegalCopyright : Copyright © 1997, 2005 All Rights Reserved

LegalTrademarks : Window Washer

OriginalFilename : wwDisp.exe

Comments : Window Washer hard disk cleaning utility

 

#:25 [avgupsvc.exe]

FilePath : I:\PROGRA~1\Grisoft\AVGFRE~1\

ProcessID : 392

ThreadCreationTime : 1-26-2007 3:20:11 AM

BasePriority : Normal

FileVersion : 7.5.0.420

ProductVersion : 7.5.0.420

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Update Service

InternalName : avgupsvc

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgupdsvc.EXE

 

#:26 [avgemc.exe]

FilePath : I:\PROGRA~1\Grisoft\AVGFRE~1\

ProcessID : 448

ThreadCreationTime : 1-26-2007 3:20:12 AM

BasePriority : Normal

FileVersion : 7.5.0.432

ProductVersion : 7.5.0.432

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG E-Mail Scanner

InternalName : avgemc

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgemc.exe

 

#:27 [sdhelp.exe]

FilePath : I:\Program Files\Spyware Doctor\

ProcessID : 548

ThreadCreationTime : 1-26-2007 3:20:13 AM

BasePriority : Normal

FileVersion : 3.5.0.18

ProductVersion : 3.5

ProductName : Spyware Doctor

CompanyName : PC Tools Research Pty Ltd

 

#:28 [smagent.exe]

FilePath : I:\Program Files\Analog Devices\SoundMAX\

ProcessID : 864

ThreadCreationTime : 1-26-2007 3:20:16 AM

BasePriority : Normal

FileVersion : 3, 2, 6, 0

ProductVersion : 3, 2, 6, 0

ProductName : SoundMAX service agent

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX service agent component

InternalName : SMAgent

LegalCopyright : Copyright © 2002

OriginalFilename : SMAgent.exe

 

#:29 [spuvolumewatcher.exe]

FilePath : I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\

ProcessID : 868

ThreadCreationTime : 1-26-2007 3:20:17 AM

BasePriority : Normal

 

 

#:30 [wweb32.exe]

FilePath : I:\Program Files\WordWeb\

ProcessID : 948

ThreadCreationTime : 1-26-2007 3:20:17 AM

BasePriority : Normal

FileVersion : 4.0.0.0

ProductVersion : 4.0.0.0

ProductName : WordWeb

CompanyName : Antony Lewis

FileDescription : WordWeb thesaurus/dictionary

LegalCopyright : Antony Lewis 2005

Comments : See wordweb.info

 

#:31 [wwsecure.exe]

FilePath : I:\WINDOWS\system32\

ProcessID : 1068

ThreadCreationTime : 1-26-2007 3:20:17 AM

BasePriority : Normal

FileVersion : 6.0.1.10

ProductVersion : 6.0

CompanyName : Webroot Software, Inc.

FileDescription : Washer Security Service

InternalName : wwSecure.exe

LegalCopyright : © 1997, 2005 All Rights Reserved

 

#:32 [ymsgr_tray.exe]

FilePath : I:\PROGRA~1\Yahoo!\MESSEN~1\

ProcessID : 1704

ThreadCreationTime : 1-26-2007 3:20:28 AM

BasePriority : Normal

FileVersion : 8,1,0,0

ProductVersion : 8,1,0,0

ProductName : Yahoo! Messenger

CompanyName : Yahoo! Inc.

FileDescription : Yahoo! Messenger Tray

LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.

 

#:33 [alg.exe]

FilePath : I:\WINDOWS\System32\

ProcessID : 2080

ThreadCreationTime : 1-26-2007 3:20:36 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:34 [iexplore.exe]

FilePath : I:\Program Files\Internet Explorer\

ProcessID : 3356

ThreadCreationTime : 1-26-2007 3:22:44 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:35 [googletoolbarnotifier.exe]

FilePath : I:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\

ProcessID : 3536

ThreadCreationTime : 1-26-2007 3:22:52 AM

BasePriority : Normal

FileVersion : 1, 2, 908, 5008

ProductVersion : 1, 2, 908, 5008

ProductName : GoogleToolbarNotifier

CompanyName : Google Inc.

FileDescription : GoogleToolbarNotifier

LegalCopyright : Copyright © 2005-2006

OriginalFilename : GoogleToolbarNotifier.exe

 

#:36 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 2944

ThreadCreationTime : 1-26-2007 4:10:29 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 8

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:[email protected]/

Expires : 1-25-2012 8:53:18 AM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 9

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (E:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for E:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (F:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for F:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (G:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for G:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (H:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for H:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (I:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for I:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Deep scanning and examining files (J:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for J:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

 

Scanning Hosts file......

Hosts file location:"I:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 9

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9

 

10:04:11 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:23:23.797

Objects scanned:307915

Objects identified:1

Objects ignored:0

New critical objects:1

 

 

======

 

Is this the required information? Please help me fix the problem. Thanks in advance.


Good work, online! ^_^

 

It is a good idea to print off these instructions:

This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.

 

You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

A printout of the instructions would be a good reference to make sure you don't get lost.

Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!

If you have any queries about the process or just general questions, just ask.

 

Please download SmitfraudFix (by S!Ri)

Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

 

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

 

R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - I:\Program Files\Video ActiveX Object\isaddon.dll (file missing)

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - I:\WINDOWS\system32\nbbrhbd.dll

 

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Now reboot into Safe Mode.

This can be done by tapping the F8 key as soon as you start your computer.

You will be brought to a menu where you can choose to boot into safe mode.

Make sure you choose the option without networking support.

 

Once in Safe Mode, open the SmitfraudFix folder again.

Double-click smitfraudfix.cmd.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

 

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

 

Also post a new Hijackthis log.

 

David

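The three HijackThis lines David asks to have fixed share two traits a reviewer looks for when reading such a log: registrations that point at a file which no longer exists ("(no file)", "(file missing)") and a ShellServiceObjectDelayLoad (O21) entry loading a DLL with a random-looking name from system32. The script below is an added example, not part of this thread and not HijackThis's own analysis: it parses lines in the "section - kind: name - {CLSID} - path" shape and flags entries by those heuristics. The two benign entries at the end of the sample, their names and their all-zero CLSIDs are constructed placeholders so the checks have something to leave alone.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample log: the three lines quoted from the reply above, followed by two
# benign-looking entries I made up (placeholder names and CLSIDs) that should not be flagged.
SAMPLE_HJT_LINES = [
    "R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)",
    "O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - "
    "I:\\Program Files\\Video ActiveX Object\\isaddon.dll (file missing)",
    "O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - I:\\WINDOWS\\system32\\nbbrhbd.dll",
    "O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll",
    "O21 - SSODL: ExampleShellObj - {00000000-0000-0000-0000-000000000002} - "
    "C:\\WINDOWS\\system32\\ExampleShellObj.dll",
]

# "O21 - SSODL: <rest>" : a section tag, then the entry kind, then name/CLSID/path joined by " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<kind>[^:]+):\s+(?P<rest>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
VOWELS = set("aeiouy")


def parse_hjt_line(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis line into section, kind, name, CLSID and path; None if the shape differs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("rest").split(" - ")]
    entry = {"section": m.group("section"), "kind": m.group("kind").strip(),
             "name": parts[0], "clsid": "", "path": ""}
    for part in parts[1:]:
        if CLSID_RE.match(part):
            entry["clsid"] = part
        else:
            entry["path"] = part
    return entry


def basename_stem(win_path: str) -> str:
    """File name without directory, extension or a trailing '(file missing)' marker."""
    clean = win_path.replace(" (file missing)", "").replace("\\", "/")
    name = clean.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not a HijackThis rule): 5+ letters with no vowel at all."""
    stem = re.sub(r"[^a-z]", "", name.lower())
    return len(stem) >= 5 and not (set(stem) & VOWELS)


def assess(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list means nothing noticed)."""
    reasons: List[str] = []
    path = entry["path"]
    if path == "(no file)" or path.endswith("(file missing)"):
        reasons.append("registration points to a file that no longer exists")
    if entry["name"] == "(no name)" and entry["kind"] in ("BHO", "URLSearchHook"):
        reasons.append("anonymous %s loaded into the browser" % entry["kind"])
    if entry["kind"] == "SSODL" and looks_random(basename_stem(path)):
        reasons.append("SSODL entry loads a random-looking DLL name at every logon")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Parse every line and keep only those with at least one reason, in log order."""
    flagged = []
    for line in lines:
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LINES):
        print(line)
        for r in reasons:
            print("   ->", r)
```

The heuristics are deliberately narrow: a flagged line is a candidate for review, not proof of infection, and the "no vowels" test will miss deliberately pronounceable names (the page's own "hirtellous" passes it; it is the DLL behind that entry that trips the check).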

Thanx a lot D_Trojanator! Let me tell you that the message that used to pop up stopped. Last night I formatted the drive and updated Ad-Aware with the new definitions. Then I scanned with it. Maybe the new definitions have erased the malware.

Do I still need to carry out the entire process?


Glad to hear it was sorted out; after a reformat of the hard drive I have no doubt that you've cleaned the PC of the malware you had. A reformat is often the best option with an infected PC. Follow this list and your potential for being infected again will be reduced dramatically.

 

Use an Anti Virus Software -

* It is very important that your computer has anti-virus software running on it.

* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:

* Click here for more information on -> Computer Safety On line - Anti-Virus

* I would recommend Grisoft's AVG or AVAST.

* These are the more secure and better ones.

 

Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out.

 

Use a Firewall -

* I can not stress how important it is that you use a Firewall on your computer.

* Without a firewall your computer is susceptible to being hacked and taken over.

* Simply using a Firewall in its default configuration can lower your risk greatly.

* For an article on Firewalls and a listing of some available ones see the link below:

* Click here for more information on -> Computer Safety On line - Software Firewalls

* I would recommend ZoneAlarm as a firewall as it's easy to use.

 

Visit Microsoft's Windows Update Site Frequently -

* It is important that you visit http://www.windowsupdate.com regularly.

* This will ensure your computer always has the latest available security updates installed.

* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

 

Install Spybot© - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.

* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.

* You should also scan your computer with the program on a regular basis just as you would with anti-virus software.

* A tutorial on installing & using this product can be found here:

* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

 

Install Lavasoft's© Ad-Aware - Download and install Ad-Aware.

* You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with anti-virus software.

* A tutorial on installing & using this product can be found here:

* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

 

Install Javacools© SpywareBlaster -

* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings that will protect you from running and downloading known malicious programs.

* An article on anti-malware products with links for this program and others can be found here:

* Click here for more info -->Computer Safety on line - Anti-Malware

 

Update all these programs regularly - Make sure you update all the programs I have listed regularly.

Without regular updates you WILL NOT be protected when new malicious programs are released.

 

If you have any additional questions just ask...

David


Thanx a lot D_Trojanator! I've been using Grisoft's AVG 7.5, Spybot© - Search and Destroy, Lavasofts© Ad-Aware and SUPER antispyware.

 

Speaking about Microsoft's Windows Update, I've never updated it. Let me check and give you an answer.
