Wow. I was going to ask you what you thought of the F-Secure suite, but then I worked my way further down your log.... I guess not everything is perfect. Let's see what we can do.
But first you need to make a decision: you have both F-Secure and AVG antivirus services running. Now I realise that there is a lot of talk about layering to detect malware, but this does NOT apply to active, realtime AV scanners. They interfere atrociously and so you must remove one - uninstall it. Your choice, I have no guidance to give here on which should go.
===Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Close ATF.
===GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 - the link is almost at the bottom of the page, avgas 7.5.0.50. Install it and UPDATE it.
===Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
Before the next step memorise these instructions... or copy them to notepad.
Ok, you're done with the net. Shut it down.
Check that a Restore point has been made. The path to this is via Start > all programs > accessories > system tools > system restore.
==Restart your computer in Safe Mode:
- Press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode with Command Prompt and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
- Start AVG a-s 7.5; under Scanner/ Settings set Recommended actions to Quarantine, and run the scan. Save the log file and only then click Apply all actions. Post the log file.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:.. Please paste the report in your next reply. DO NOT RUN OPTION 2 YET!!!
When you are finished reboot to normal Windows mode and send that Smitfraud log in along with the AVG log and a fresh Hijackthis scan -please run the hijackthis scan in normal windows mode....
gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
You have not come back yet with results, and I must stop for a while now, so here is some more to be going on with...
Go to control panel, add/remove pgms, and uninstall WinAntiVirus Pro.
Now, in safe mode, please search for these two files [ you will first have to go to CP>folder options>view, and check Show hidden files and folders, Apply and OK].
*****Note that C:\Windows\system32\svchost.exe is a valid windows pgm and should not be deleted!! *****
C:\WINDOWS\system32\wkdsez.dll -delete if you find it.
C:\WINDOWS\??crosoft.NET\??chost.exe - this may be in C:\WINDOWS\microsoft.NET\svchost.exe, and if you find it there it may safely be deleted.
Good. Now start Hijackthis [still in safe mode], do a Scan Only and place checkmarks against all the following entries if they exist, and finally press Fix Checked.:-
C:\WINDOWS\??crosoft.NET\??chost.exe
R3 - URLSearchHook: (no name) - {FD7C362A-F9BA-FA1B-9847-FEBAAA364BC2} - (no file)
O2 - BHO: (no name) - {10B6A716-3B81-3E22-A741-6EE33FECFB92} - C:\WINDOWS\system32\wkdsez.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [{592069D0-0724-2057-0613-06042606002c}] "C:\Program Files\Common Files\{592069D0-0724-2057-0613-06042606002c}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [{592069D0-0725-2057-0613-06042606002c}] "C:\Program Files\Common Files\{592069D0-0725-2057-0613-06042606002c}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\SIMONN~1\APPLIC~1\SCURIT~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Esjmz] C:\WINDOWS\??crosoft.NET\??chost.exe
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
Exit safe mode.
Finally: Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.5.0.11 is current....
Do that fresh hijackthis scan in normal mode as in my earlier instructions and post all the logs.
Cheers.
gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
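An added example (not part of gerbil's post and not HijackThis code): a Python triage over HijackThis-style lines that flags three patterns visible in the fix list above, namely entries whose file is gone, names that imitate svchost.exe, and svchost.exe outside system32. The function and constant names, the 0.8 similarity threshold and the reading of `?` as a character the logger could not render are assumptions of this example.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# The first four lines are copied from the post above; the last two are
# constructed benign entries for contrast.
SAMPLE_LOG = r'''C:\WINDOWS\??crosoft.NET\??chost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"'''

TRUSTED_NAME = "svchost.exe"            # valid only in system32, per the post
TRUSTED_DIR = r"c:\windows\system32"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
ORPHAN_RE = re.compile(r'\((?:file missing|no file)\)\s*$')

def triage(log):
    """Return [(line, [reasons])] for every line that trips a heuristic."""
    findings = []
    for line in log.splitlines():
        reasons = []
        if ORPHAN_RE.search(line):
            reasons.append("orphaned entry")
        m = PATH_RE.search(line)
        if m:
            path = m.group(0)
            name = basename(path).lower()
            # Assumption: '?' cannot occur in a Windows file name, so in a
            # log it stands for a character that could not be rendered.
            if "?" in path:
                reasons.append("unrenderable characters in path")
            if name == TRUSTED_NAME:
                if dirname(path).lower() != TRUSTED_DIR:
                    reasons.append("svchost.exe outside system32")
            elif SequenceMatcher(None, name, TRUSTED_NAME).ratio() >= 0.8:
                reasons.append("name imitates svchost.exe")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "<-", line)
```

These checks only rank lines for a human to review; whether an entry should be fixed still depends on knowing what the referenced program is.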