Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Critical System Error


  • Please log in to reply

#1
Mystic988

Mystic988

    Member

  • Member
  • PipPip
  • 10 posts
Well as of right now I have a new button on my task bar that changes between an X and a ? and at random times will bring up a message saying, that I have a Critical System Error with spy ware. Then when I click it it brings me to Virus Busters website http://www.virusbursters.com/?aff=330. How I belive this started was one day I looked at my desktop and Virus Busters Program installed its self and there was a new Icon on my Desktop so I went to Add/Remove and Removed Virus Busters and then that error started. So I scanned with AVG and then Ad-aware. And that failed to remove it so I thought maybe the problem could be solved in HiJackThis so I did a scan and I don't know anything about HiJackThis.

So Hopefully I can get some help here :whistling:


Logfile of HijackThis v1.99.1
Scan saved at 6:01:50 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmac.dll,startup
O4 - HKLM\..\Run: [fvcbsbg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvcbsbg.dll,hyvxiue
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


  • 0

Advertisements


#2
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Will you paste any further information directly and not use one of the "buttons" as it makes it more difficult to read.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are running HJT from an unsafe location. An easy way to correct this is to do the following:

Download a copy of HJTsetup.exe from here and save it to your Desktop.
  • Double click HJTsetup.exe to begin installation.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • At the final dialogue box uncheck the box to the left of "Launch Hijackthis" and then click Finish
Do this BEFORE you proceed!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rename your copy of hijackthis.exe to sunday.exe and post a fresh log run in Normal Mode. It's possible that this nasty is interfering with the normal working of HJT in order to hide itself and renaming the .exe will get around this.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT:
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Download SmitfraudFix.zip by S!Ri from here and save it to your Desktop.
You will then need to extract the files.
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "1" and then <ENTER> to start the search process.
When the search has completed, a text file, rapport.txt, will open with the results in - Copy and paste this report into your next reply.

A copy of the report can be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
For most, this file can be found by double-clicking My Computer and then Local Disk (C:)


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

This fix is based on a canned speech supplied by Kimberly.

Edited by Noviciate, 05 November 2006 - 01:02 PM.

  • 0

#3
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok following all of your advice here are the 2 logs that you wanted me to post and HiJack this is now installed and the program renamed to Sunday

Acer eManager for Notebook
Acer GridVista
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Anvil Studio
AOL Instant Messenger
AOL Toolbar 2.0
Atheros Client Installation Program
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free Edition
BitTorrent 4.22.1
Broadcom 802.11 Network Adapter
Ceres-RO
Cheat Engine 5.1.1
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Ethereal 0.99.0
FTP Commander
GPL MPEG-1/2 DirectShow Decoder Filter
Gunbound Revolution
GunZ Mouse Re-Binder 1.16
HijackThis 1.99.1
Iconic Tray (remove only)
ImageShack Toolbar for Internet Explorer
Ipswitch WS_FTP Home 2006
J2SE Runtime Environment 5.0 Update 8
Launch Manager V1.0.8.3
MAIET entertainment - Gunz
Microsoft .NET Framework 2.0
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Mozilla Firefox (1.5.0.7)
MSN Music Assistant
Nero 7 Demo
Norton PartitionMagic 8.0
OIN
RagnarokOnline
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Safety Alerter 2006
Safety Bar
Satsuki Decoder Pack
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Silkroad
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
The Sims 2
The Sims 2 Open For Business
The Sims 2 University
ToolBar888
TweakXP Tweaking Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
VisualKore 1.6.9
VSAdd-in for Internet Explorer
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB887472
WinPcap 3.1
WinRAR archiver
WinZip
WoScripter v1.3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar


SmitFraudFix v2.119

Scan done at 19:33:21.67, Sun 11/05/2006
Run from C:\Program Files\SmithFraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\impgsje.dll FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\drvmac.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brian


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brian\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brian\FAVORI~1

C:\DOCUME~1\Brian\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ FOUND !
C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.gunzonlin...cher/front.jpg"
"SubscribedURL"="http://www.gunzonlin...cher/front.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Thank you for the Reply
  • 0

#4
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

Rename your copy of hijackthis.exe to sunday.exe and post a fresh log run in Normal Mode. It's possible that this nasty is interfering with the normal working of HJT in order to hide itself and renaming the .exe will get around this.

Can you tell what you've missed out?
  • 0

#5
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Nope

Logfile of HijackThis v1.99.1
Scan saved at 8:09:42 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WoS\Souls.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\sunday.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2906B0DE-ADB8-F99D-83C5-02F67010A1F5} - C:\WINDOWS\system32\jvzdcpe.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.6.0\ViewBarBHO.dll
O2 - BHO: (no name) - {CF1F9294-9CCB-47FC-B2E8-94E14792B6D9} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\igegenhc.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmac.dll,startup
O4 - HKLM\..\Run: [fvcbsbg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvcbsbg.dll,hyvxiue
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.image...hackToolbar.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

#6
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
OK, you've got multiple slime problems with your PC, so this will take a post or two to fix.

Download VundoFix.exe by Atribune from here and save it to your desktop.
  • Close all open programs and windows as this may require a reboot.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot - simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • 0

#7
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 8:27:46 PM 11/5/2006

Listing files found while scanning....


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 8:28:57 PM 11/5/2006

Listing files found while scanning....

C:\WINDOWS\system32\fvcbsbg.dll
C:\WINDOWS\system32\jvzdcpe.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fvcbsbg.dll
C:\WINDOWS\system32\fvcbsbg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvzdcpe.dll
C:\WINDOWS\system32\jvzdcpe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.bak2 Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 8:40:36 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\sunday.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2906B0DE-ADB8-F99D-83C5-02F67010A1F5} - C:\WINDOWS\system32\jvzdcpe.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.6.0\ViewBarBHO.dll
O2 - BHO: (no name) - {DC187234-2E61-48E7-83F2-C3E76E983431} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\igegenhc.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmac.dll,startup
O4 - HKLM\..\Run: [fvcbsbg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvcbsbg.dll,hyvxiue
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.image...hackToolbar.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

#8
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false-positive.

  • 0

#9
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Brian - 06-11-05 21:01:44.92 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Brian\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\ixt0.dll
C:\Program Files\Inetget2
C:\Program Files\Safety Bar
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{34158645-063F-1033-0705-050411050001}
C:\Program Files\Common Files\{84158645-063F-1033-0705-050411050001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-05 20:38 752,426 ---hs---- C:\WINDOWS\system32\lnnmp.bak1
2006-11-05 19:28 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-05 19:28 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-05 19:28 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-05 19:28 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-03 16:20 60,436 --a------ C:\WINDOWS\system32\igegenhc.dll
2006-11-03 16:20 110,612 --a------ C:\WINDOWS\system32\ghwtwbex.exe
2006-11-03 16:19 692,276 --------- C:\WINDOWS\system32\pmnnl.dll
2006-11-03 15:49 106,496 --a------ C:\WINDOWS\system32\impgsje.dll
2006-11-03 15:44 59,392 --a------ C:\WINDOWS\system32\drvmac.dll
2006-11-03 15:44 40,973 ---hs---- C:\WINDOWS\system32\iifddee.dll
2006-11-03 15:44 15,872 --a------ C:\WINDOWS\system32\winjyg32.dll
2006-10-26 20:53 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 21:02 -------- d-------- C:\Program Files\Common Files
2006-11-05 20:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-05 20:40 -------- d-------- C:\Program Files\Hijackthis
2006-11-05 19:27 -------- d-------- C:\Program Files\SmithFraud
2006-11-05 17:24 -------- d-------- C:\Program Files\Lavasoft
2006-11-05 17:24 -------- d-------- C:\Documents and Settings\Brian\Application Data\Lavasoft
2006-11-03 18:29 -------- d---s---- C:\Documents and Settings\Brian\Application Data\Microsoft
2006-11-03 17:47 -------- d-------- C:\Program Files\FTP Commander
2006-11-03 17:09 -------- d-------- C:\Program Files\VirusBursters
2006-11-03 16:20 -------- d-------- C:\Program Files\VSAdd-in
2006-11-03 16:20 -------- d-------- C:\Documents and Settings\Brian\Application Data\SearchToolbarCorp
2006-11-01 11:55 -------- d-------- C:\Program Files\Cheat Engine
2006-10-30 21:28 -------- d-------- C:\Program Files\Silkroad
2006-10-30 20:53 -------- d-------- C:\Documents and Settings\Brian\Application Data\Ventrilo
2006-10-30 19:38 -------- d-------- C:\Program Files\Ventrilo
2006-10-30 19:37 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-29 18:46 -------- d-------- C:\Documents and Settings\Brian\Application Data\Help
2006-10-17 21:33 -------- d-------- C:\Documents and Settings\Brian\Application Data\BitTorrent
2006-10-08 21:09 -------- d-------- C:\Program Files\EA GAMES
2006-10-03 17:49 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-10-02 19:39 -------- d-------- C:\Program Files\Iconic Tray
2006-09-27 19:36 -------- d-------- C:\Program Files\Fake Email Mailer
2006-09-27 16:59 -------- d-------- C:\Program Files\LimeWire
2006-09-27 03:27 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 03:26 -------- d-------- C:\Program Files\WoScripter v1.3
2006-09-27 02:44 -------- d-------- C:\Documents and Settings\Brian\Application Data\Anvil Studio
2006-09-27 01:55 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-26 14:42 -------- d-------- C:\Program Files\Viewpoint
2006-09-26 14:42 -------- d-------- C:\Program Files\Common Files\Viewpoint
2006-09-25 21:30 -------- dr-h----- C:\Documents and Settings\Brian\Application Data\yahoo!
2006-09-25 15:24 2622976 --a------ C:\astudio.exe
2006-09-24 21:31 -------- d-------- C:\Program Files\WinRAR
2006-09-23 23:06 -------- d-------- C:\Program Files\Symantec
2006-09-23 02:32 -------- d-------- C:\Program Files\AC Tool
2006-09-23 01:32 -------- d-------- C:\Documents and Settings\Brian\Application Data\Media Player Classic
2006-09-23 01:31 -------- d-------- C:\Program Files\Satsuki Decoder Pack
2006-09-23 01:19 -------- d-------- C:\Program Files\GPL MPEG Decoder
2006-09-22 22:49 -------- d-------- C:\Program Files\DivX
2006-09-22 21:57 -------- d-------- C:\Program Files\AIM
2006-09-22 15:26 -------- d-------- C:\Program Files\BitTorrent
2006-09-21 09:17 -------- d-------- C:\Program Files\Microsoft Office
2006-09-21 09:16 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 09:09 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-21 09:09 -------- d-------- C:\Program Files\Common Files\System
2006-09-21 09:09 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-19 18:34 -------- d-------- C:\Program Files\VisualKore
2006-09-19 17:21 -------- d-------- C:\Documents and Settings\Brian\Application Data\Kore
2006-09-18 12:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 12:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 12:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 12:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-18 02:03 -------- d-------- C:\Documents and Settings\Brian\Application Data\Sun
2006-09-17 19:26 -------- d-------- C:\Program Files\Yahoo!
2006-09-17 18:55 -------- d-------- C:\Program Files\Java
2006-09-17 18:54 -------- d-------- C:\Program Files\Common Files\Java
2006-09-17 00:47 -------- d-------- C:\Documents and Settings\Brian\Application Data\Adobe
2006-09-15 15:47 -------- d-------- C:\Program Files\WinPcap
2006-09-15 15:46 -------- d-------- C:\Program Files\Ethereal
2006-09-15 15:45 -------- d-------- C:\Documents and Settings\Brian\Application Data\Ethereal
2006-09-13 14:55 -------- d-------- C:\Program Files\MsnMusic
2006-09-13 14:51 -------- d-------- C:\Program Files\Windows Media Player
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 22:48 -------- d-------- C:\Program Files\Gravity
2006-09-07 02:31 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-05 01:30 -------- d-------- C:\Documents and Settings\Brian\Application Data\Ahead
2006-09-05 01:18 -------- d-------- C:\Program Files\Nero
2006-09-05 01:18 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-01 23:27 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-01 23:27 348160 --------- C:\WINDOWS\system32\msvcr71.dll
2006-09-01 12:43 0 -rahs---- C:\MSDOS.SYS
2006-09-01 12:43 0 -rahs---- C:\IO.SYS
2006-09-01 12:43 0 --a------ C:\CONFIG.SYS
2006-09-01 12:43 0 --a------ C:\AUTOEXEC.BAT
2006-09-01 07:33 62 --ahs---- C:\Documents and Settings\Brian\Application Data\desktop.ini
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 15:14 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 11:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 11:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 11:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 11:35 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-11 11:35 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-08-11 11:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 11:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 11:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 11:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 11:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 11:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 11:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 11:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 11:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 11:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 11:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"ACU"="\"C:\\Program Files\\Atheros\\ACU.exe\" -nogui"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"SoundMan"="SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ViewpointPhotosDeviceConnect"="C:\\Program Files\\Common Files\\Viewpoint\\Toolbar Runtime\\3.6.0\\FotomatDeviceConnect.exe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvmac.dll,startup"
"fvcbsbg.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\fvcbsbg.dll,hyvxiue"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.gunzonlin...cher/front.jpg"
"SubscribedURL"="http://www.gunzonlin...cher/front.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,e4,01,00,00,f4,00,00,00,60,02,00,00,68,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,23,01,00,00,58,02,00,00,68,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,f7,03,41,c0,b4,74,10,60,1e,00,68,de,f7,03,20,6d,\
f7,03,2e,b8,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,02,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000
"NoWindowsUpdate"=dword:00000000
"NoFavoritesMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"StartMenuLogOff"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"issearch.exe"="issearch.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"archenteric"="{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnl
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyg32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-05 21:03:29.70
C:\ComboFix.txt ... 06-11-05 21:03



Logfile of HijackThis v1.99.1
Scan saved at 9:06:34 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\WoS\Souls.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\sunday.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2906B0DE-ADB8-F99D-83C5-02F67010A1F5} - C:\WINDOWS\system32\jvzdcpe.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.6.0\ViewBarBHO.dll
O2 - BHO: (no name) - {DC187234-2E61-48E7-83F2-C3E76E983431} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\igegenhc.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmac.dll,startup
O4 - HKLM\..\Run: [fvcbsbg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvcbsbg.dll,hyvxiue
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.image...hackToolbar.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

#10
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
As for how its running there isn't much of a difference it is does seem to be runnign just a little bit smoother
  • 0

Advertisements


#11
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
But Sadly The Problem Still Exists.
  • 0

#12
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.

If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

  • Updating AVG Anti-Spyware:
    [list]Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click ewido-signatures-full-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.


2) Download SmitfraudFix.zip by S!Ri from here and save it to your Desktop.
If you already have a copy of this, delete it and download a fresh one - the fix is often updated daily.
You will then need to extract the files.
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


Close the folder, you will need it later.

3) You will need to know how to boot into Safe Mode.
Instructions can be found here.

4) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

5) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HJT and click on Open the Misc Tools section.
Click on delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:

C:\WINDOWS\SYSTEM32\winjyg32.dll

When you are asked "Do you want to restart your computer now?", click OK.

Your PC MUST reboot to delete the file!

2) After the PC has rebooted fully, boot into Safe Mode.

3) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "2" and then <ENTER> to start the cleaning process.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted "Registry cleaning - Do you want to clean the registry ? Press "Y" and then <ENTER>.
  • The tool will also check if wininet.dll is infected. You may be prompted to "Replace infected file ?" - press "Y" and then <ENTER>.
Your PC now needs to be rebooted. If this does not happen automatically, you will need to do so manually. Either way, your PC will need to be booted back INTO SAFE MODE.

4) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O2 - BHO: (no name) - {2906B0DE-ADB8-F99D-83C5-02F67010A1F5} - C:\WINDOWS\system32\jvzdcpe.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\igegenhc.dll

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmac.dll,startup
O4 - HKLM\..\Run: [fvcbsbg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvcbsbg.dll,hyvxiue

O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

5) Remove any/all of the following files/folders that you can find:

Files

C:\WINDOWS\system32\fvcbsbg.dll
C:\WINDOWS\system32\drvmac.dll
C:\WINDOWS\system32\igegenhc.dll
C:\WINDOWS\system32\ghwtwbex.exe
C:\WINDOWS\system32\impgsje.dll
C:\WINDOWS\system32\iifddee.dll


As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Folders

C:\Documents and Settings\Brian\Application Data\SearchToolbarCorp
C:\Program Files\VirusBursters


As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'


6) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

7) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

8) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

9) Go to Start > Control Panel > Display.
Select the Desktop Tab, click on Customise Desktop... and then select the Web Tab.
Under Web pages: you may see a checked entry called Security info - or similar. Highlight this entry and then click the Delete button.
Finally click OK > Apply > OK.

10) Empty the Recycle Bin.

11) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG A-S.

12) Reboot into Normal Mode.

13) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "3" and then <ENTER> to "Delete Trusted Zone".
When prompted "Restore Trusted Zone ?", press "Y" and then <ENTER>.

* Please Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection *

Will you then post the following:
  • A new HJT log,
  • The AVG A-S log,
  • The text file rapport.txt that will be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
    For most, this file can be found by double-clicking My Computer and then Local Disk (C:)
  • A description of how your PC is behaving.
This fix is based on a canned speech supplied by Kimberly.
  • 0

#13
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:04:33 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis\sunday.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.6.0\ViewBarBHO.dll
O2 - BHO: (no name) - {D0D70603-9345-41DC-899F-DAD04A8A5838} - C:\WINDOWS\system32\pmnnl.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\ViewBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.6.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.image...hackToolbar.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:32:49 PM 11/6/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP57\A0040418.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP57\A0040419.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP57\A0040420.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP57\A0038354.exe -> Downloader.Zlob.atw : Cleaned.
C:\Documents and Settings\Brian\My Documents\Brians\Utilities\SnadBoy\Revelation.exe -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned.
C:\Documents and Settings\Brian\My Documents\Brians\Utilities\SnadBoy\RevelationHelper.dll -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP23\A0011552.exe -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP23\A0011553.dll -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned.
:mozilla.239:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.246:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.131:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.173:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.77:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.79:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.86:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.87:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.88:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.89:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.48:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.38:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.80:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.81:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.90:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.159:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.160:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.161:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.162:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.163:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.32:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.39:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.40:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.41:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.222:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.195:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.91:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.94:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.189:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.33:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.253:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.129:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.130:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.132:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.95:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.96:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.66:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.67:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.68:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.69:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.70:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.71:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.72:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.73:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.74:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.75:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.247:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.184:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.185:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.186:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.187:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.231:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.219:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.220:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.221:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.139:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.106:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.107:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.108:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.109:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.110:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.111:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.114:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.30:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.31:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.10:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.11:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.12:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.15:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.44:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.45:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.12:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.13:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.15:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6gpka11.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\9c0le89i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{6F986E50-6E25-4B92-A42C-20D9CF566BA6}\RP58\A0044472.dll -> Trojan.Agent.vg : Cleaned.


::Report end

SmitFraudFix v2.119

Scan done at 14:52:20.03, Mon 11/06/2006
Run from C:\Program Files\SmithFraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\drvmac.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brian


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brian\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brian\FAVORI~1

C:\DOCUME~1\Brian\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.gunzonlin...cher/front.jpg"
"SubscribedURL"="http://www.gunzonlin...cher/front.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


and as for running im not noticing anything wrong. Running alot better.
  • 0

#14
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
There's still one slimey file left which may not be keen to go:

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download VundoFix.exe from here and save it to your Desktop.
If you already have a copy on your PC, delete it and download a fresh copy - this tool is updated regularly.

2) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Double click Vundofix.exe:
  • Right click an empty area of the central window.
  • Click Add more files?
  • Copy and paste the following into the two boxes:
    • C:\WINDOWS\system32\pmnnl.dll
      C:\WINDOWS\system32\lnnmp.*
  • Click Add File(s).
  • Click Close Window.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Please post the contents of C:\vundofix.txt, a new HJT log AND a description of how your PC is behaving.

Note: It is possible that VundoFix encountered a file it could not remove - in this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears.
  • 0

#15
Mystic988

Mystic988

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
VundoFix V6.2.7

Checking Java version...

Java version is 1.5.0.8

Scan started at 1:58:32 PM 11/7/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 2:13:15 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\sunday.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {75001ACD-EC81-4FBA-B871-5EC900E8EDC5} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\hockwdsb.dll (file missing)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.image...hackToolbar.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Its running about the same as right before I did this I haven't really notice anything to different

How does it look know?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP