![]() |
|
#21
|
|||
|
|||
|
Download SmitfraudFix (by S!Ri) to your Desktop.
|
|
#22
|
|||
|
|||
|
SmitFraudFix v2.274
Scan done at 16:49:12.00, Tue 01/22/2008 Run from C:\Documents and Settings\Richard\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Richard »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Richard\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Richard\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport DNS Server Search Order: 24.197.160.21 DNS Server Search Order: 24.197.160.18 HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB017379-BE3F-4F32-BB52-0B56B6717D3F}: DhcpNameServer=24.197.160.21 24.197.160.18 HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB017379-BE3F-4F32-BB52-0B56B6717D3F}: DhcpNameServer=24.197.160.21 24.197.160.18 HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB017379-BE3F-4F32-BB52-0B56B6717D3F}: DhcpNameServer=24.197.160.21 24.197.160.18 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.197.160.21 24.197.160.18 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.197.160.21 24.197.160.18 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.197.160.21 24.197.160.18 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End |
|
#23
|
|||
|
|||
|
Go to add/remove programs and look for Windows Messenger <<Not MSN Messenger
If it is there uninstall it. ---------- PLease download, install, update and run CounterSpy Download CounterSpy V2 CounterSpy is a 15 day full featured evaluation. 1. Double click the installer on the desktop 2. After Counterspy is installed and you have restarted your computer (if prompted), double-click the icon on your desktop to begin the install. 3. The Getting Started setup wizard opens. The wizard will guide you through the initial steps needed to configure CounterSpy. ** When the Activate Now prompt appears just click Next To scan you computer 1. Click System Scan on the main page. The System Scan page opens. 2. Set the scan options on the left side of the page. We recommend selecting Full System scan. 3. Click Scan Now. CounterSpy starts scanning your computer. After the scan is complete, the CounterSpy System Scan Results summary window opens. 4. Review the summarized information, then click View Results. You return to the System Scan results page. To take action against a security risk 1. Select a security risk. 2. Make a selection from the Recommended Action drop down menu next to it and select Remove ** Select Remove in all menus 3. Check the Create restore point option. This will create the Windows backup (useful in case something goes wrong). Then press Take Action 4. Now CounterSpy will ask you to confirm your actions. Press Yes within the window that appeares. This will start the removal process. 5. The program may need to reboot your computer. Clicking Yes if prompted is highly recommended. -- To manage the quarantined spyware * CounterSpy maintains a backup of quarantined items. * To access the Quarantine click on the View menu, select Spyware Scan and then choose the Manage Spyware Quarantine option. * To remove certain item from the quarantine, place a checkmark next to it and click Permanently remove all checked items. (use this option) * To restore an item click on the Un-quarantine all checked items link. (un-quarantine is only to be used if the computer is not running correctly due to items being removed by counterspy) * Clicking on the Check all items link will put a checkmark next to each item. Clicking on Un-check all items will deselect all quarantined threats. * CounterSpy will ask you to confirm your action. If you want to restore or delete an item, you must reply positively by pressing the Yes button. * Exit CounterSpy Next post Counterspy log |