I Need Help Really Bad

JAJI

New Member
ok i renamed it

Logfile of HijackThis v1.99.1
Scan saved at 7:44:10 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\Show.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [oyi2985f] RUNDLL32.EXE w1405b4a.dll,n 0052985a000000021405b4a
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
 

edifier

New Member
Well, all of that accomplished no extra entries present so let's push on.

Go to 'Control Panel/folder options/view' and check 'show hidden files and folders'. While there, UNCHECK 'hide protected operating system files (recommended)'. Click Apply and Okay.

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

Download Ewido http://www.ewido.net/en/download/ then set it up this way http://rstones12.geekstogo.com/ewidosetup.htm You will need this later in safe mode
Make sure to update this program.

Reboot your computer in Safe Mode by doing the following.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Smitfraud

* Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
* Select option #2 - Clean by typing 2 and press Enter.
* Wait for the tool to complete and disk cleanup to finish.
* You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
* The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

Save this new Smitfraud scan log.

From safemode, run HijackThis and put a check by the following entries if still present, close all open windows and browsers except HijackThis and click 'Fix Checked'

O4 - HKLM\..\Run: [oyi2985f] RUNDLL32.EXE w1405b4a.dll,n 0052985a000000021405b4a
O15 - Trusted Zone: *.elitemediagroup.net
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

Exit Hijack This but remain in safe mode.

Run Ewido. Save the scan log.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Tick Select All
Click the Empty Selected button.
If you also use firefox, select at top and do the same.

Reboot into normal windows and post the SmitFraud, Ewido logs along with a fresh HijackThis log.
 

JAJI

New Member
OK DID IT, HERE'S MY LOGS

Logfile of HijackThis v1.99.1
Scan saved at 1:26:24 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\Show.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

SmitFraudFix v2.104

Scan done at 1:27:57.28, Tue 10/03/2006
Run from C:\Documents and Settings\JAJI\Desktop\PRO\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JAJI


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JAJI\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JAJI\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000417.exe -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000413.exe -> Adware.MediaTicket : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000425.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000414.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000420.exe -> Adware.ZenoSearch : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000423.exe -> Adware.ZenoSearch : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000424.exe -> Adware.ZenoSearch : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000415.exe -> Downloader.VB.anl : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP8\A0000327.exe -> Hijacker.Small : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000422.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000426.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP13\A0000638.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\Documents and Settings\JAJI\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JAJI\Cookies\jaji@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\JAJI\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAJI\Desktop\PRO\Ashampoo Burning Studio\Patch.exe -> Trojan.Agent.iu : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000418.exe -> Trojan.VB.tg : Cleaned.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP9\A0000419.exe -> Trojan.VB.tg : Cleaned.


::Report end
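The three entries edifier asked to have fixed, checked against the two HijackThis logs above, as an added example that is not part of any post in this thread. The log lines are excerpts copied from those two logs; the `triage` rules are assumptions of this example (review heuristics, not HijackThis's own logic or a verdict on any entry).

```python
import re

# Excerpts copied from the first (before) and second (after) HijackThis logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [oyi2985f] RUNDLL32.EXE w1405b4a.dll,n 0052985a000000021405b4a
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""
AFTER = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Assumed heuristic: a Run value that starts rundll32 on a DLL named without any path.
BARE_RUNDLL = re.compile(r"\]\s*rundll32(\.exe)?\s+[^\\/:\s]+\.dll,", re.I)


def parse(log):
    """Return the set of (section, detail) pairs for every O-numbered line."""
    return {m.groups() for line in log.splitlines() if (m := ENTRY.match(line.strip()))}


def triage(section, detail):
    """Return the reasons an entry deserves manual review (empty list if none)."""
    reasons = []
    if detail.endswith("(no file)"):
        reasons.append("registered object points at a missing file")
    if section == "O4" and BARE_RUNDLL.search(detail):
        reasons.append("Run key starts rundll32 on a DLL given without a path")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone")
    return reasons


def review(before, after):
    """Flag entries in the first log, then confirm against the second that they are gone."""
    b, a = parse(before), parse(after)
    flagged = {e: triage(*e) for e in b if triage(*e)}
    return {
        "flagged": flagged,
        "still_present": sorted(e for e in flagged if e in a),
        "removed": sorted(b - a),
        "added": sorted(a - b),  # new autostarts also need an explanation
    }


if __name__ == "__main__":
    result = review(BEFORE, AFTER)
    for (section, detail), reasons in sorted(result["flagged"].items()):
        print(f"REVIEW {section}: {detail}\n       -> {'; '.join(reasons)}")
    print("still present after fix:", result["still_present"])
    print("new since first log:", result["added"])
```

The only new autostart in the second log is the AVG Anti-Spyware entry, which matches the Ewido install from edifier's instructions (guard.exe and avgas.exe appear in that log's process list).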
 

JAJI

New Member
BY THE WAY I LOOKED AT WHAT I HAVE IN MY COMPUTER, I DON'T KNOW WHAT IT IS BUT I DO KNOW THAT THE LAST TIME I CLICKED ON THE BIGGEST FILE IN THAT CIRCLE MY PC SHUT OFF AND IT WOULDN'T START, SAYING THAT "THE NTLR WAS MISSING", SO I WILL NOT EVEN THINK OF CLICKING ON IT. HERE'S THE PIC

tyyuef5.jpg
 

Bobo

banned
AAAACK AAACK AAACK! Don't ever ever touch those files in the red circle. Those are the ones that keep your system running. Don't screw with them!!!
 

JAJI

New Member
I KNOW, I LEARN FROM MY MISTAKES BUT HOW DID THEY GET THERE IN THE FIRST PLACE

AND HERE'S MY RECENT LOG

Created at: 7:21:21 AM 10/3/2006

+ Scan result:



C:\Documents and Settings\JAJI\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.10:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.11:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.12:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.13:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.6:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.9:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\JAJI\Cookies\[email protected][2].txt -> TrackingCookie.Com : No action taken.
:mozilla.14:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.17:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.21:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.22:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.23:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\JAJI\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.24:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\JAJI\Cookies\jaji@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.7:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.8:C:\Documents and Settings\JAJI\Application Data\Mozilla\Firefox\Profiles\84dvhnd6.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\JAJI\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{1B1AC8BA-457D-4FB3-A8A9-D18507E1D742}\RP32\A0008133.exe -> Trojan.Agent.iu : No action taken.


::Report end

I STILL HAVE A TROJAN IN THERE BUT I DIDN'T DO ANYTHING BECAUSE IT IS INSIDE THE FILES THAT ARE IN THE RED CIRCLE
 

Archangel

VIP Member
Just a question... could you please stop using Caps Lock all the time in your posts? It's really annoying to read.

You may want to reformat the PC (delete all partitions, and create new ones) and reinstall Windows once again. Also... download the Win XP Service Pack 2 CD (I don't know what version you have,.. Home or Pro.. but get the same one, just with SP2 already in it,.. your key will work with it).
Then you install about the newest version of Windows, instead of going online with a PC with really obsolete security feat's (without any SP's installed atm... your PC is literally yelling "Infect me!" as soon as it goes online,..) SP2 gives a LOT more protection.

It's just a suggestion of course
 

edifier

New Member
I need to know how your system is running now. Any more problems?

And you were supposed to post the SmitFraud scan log from running it earlier in safe mode!
 

Bobo

banned
"I KNOW , I LEARN FROM MY MISTAKES BUT HOW DID THEY GET THERE IN THE FIRST PLACE"
Ummm...your system puts them there? ;) Those are pretty much the most important files created when you install the operating system, and they are hidden for a reason.
 

JAJI

New Member
SO SORRY HERE IT IS


SmitFraudFix v2.104

Scan done at 23:37:49.39, Mon 10/02/2006
Run from C:\Documents and Settings\JAJI\Desktop\PRO\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

edifier

New Member
That's what I wanted to see. All that is left is the tracking cookies. You can manually delete them or use ATF cleaner or Ewido but make sure 'Cookies' are selected. Now purge the restore folder by going to 'Control Panel/System/System Restore' and check the box 'Turn off system restore on all drives', click 'apply' and 'okay'. Reboot your computer and then enable system restore again and create a 'New Restore Point' by going to 'Start/Programs/Accessories/System Tools/System Restore'.

Then go back again to 'Control Panel/folder options/view' and check 'do not show hidden files and folders'. While there, CHECK 'hide protected operating system files (recommended)'. Click Apply and Okay.

I will ask again. Is your system acting okay now?
 

JAJI

New Member
THANKS BUT AS OF RIGHT NOW THE ONLY PROBLEMS ARE

1. CAN'T OPEN ADD OR REMOVE PROGRAMS
(I GET THE ERROR SOUND BUT NOTHING POPS UP)

2. THIS HAPPENS WHEN I START MY PC,
BUT I AM GONNA REMOVE TROJAN REMOVER AND SEE WHAT HAPPENS
tytypc2.jpg


3. TAKES ABOUT 3 OR 4 MINUTES TO START
WHEN IT USED TO BE LIKE 30SEC TO 1 MIN
 

JAJI

New Member
Well I Fixed The Error Problem But My Pc Still Takes A While To Load And I Can't Get To My Add Or Remove Programs
 