Re: spyware
SmitFraudFix v2.148
Scan done at 18:10:24.36, Mon 03/12/2007
Run from C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EPJBE377\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{634be415-da12-496b-b89e-329b73c4807f}"="cam"
[HKEY_CLASSES_ROOT\CLSID\{634be415-da12-496b-b89e-329b73c4807f}\InProcServer32]
@="C:\WINDOWS\system32\tvomnc.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{634be415-da12-496b-b89e-329b73c4807f}\InProcServer32]
@="C:\WINDOWS\system32\tvomnc.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\tvomnc.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:03:05 PM 3/12/2007
+ Scan result:
HKU\S-1-5-21-1079541628-236781750-2621664363-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
C:\Program Files\NewDotNet -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064545.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064546.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064573.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064574.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064580.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064596.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP149\A0065177.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP149\A0065188.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-1079541628-236781750-2621664363-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-1079541628-236781750-2621664363-1006\Software\New.net -> Adware.NewDotNet : No action taken.
[1072] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
[1684] C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : No action taken.
[2060] C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : No action taken.
[2568] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
[2852] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
[3016] C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : No action taken.
[3976] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064491.ini -> Adware.Qworke : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP149\A0065159.exe -> Adware.SpyHeal : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2DA.tmp\pmunst.exe -> Downloader.Zlob.asv : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064577.exe -> Downloader.Zlob.asv : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2DA.tmp\pmmnt.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064484.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064505.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064522.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064534.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064555.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064566.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064583.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064486.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064507.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064523.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064535.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064557.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064568.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP146\A0064582.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP149\A0065157.exe -> Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP149\A0065158.exe -> Downloader.Zlob.bpn : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@vip.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-eline.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@paycounter[1].txt -> TrackingCookie.Paycounter : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP150\A0065249.dll -> Trojan.Dialer.cs : No action taken.
::Report end